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Abstract 

The present article introduces ptarithmetic (short for "polynomial time arithmetic") — a formal 
number theory similar to the well known Peano arithmetic, but based on the recently born computability 
logic instead of classical logic. The formulas of ptarithmetic represent interactive computational problems 
rather than just true/false statements, and their "truth" is understood as existence of a polynomial time 
solution. The system of ptarithmetic elaborated in this article is shown to be sound and complete. Sound 
in the sense that every theorem T of the system represents an interactive number-theoretic computational 
problem with a polynomial time solution and, furthermore, such a solution can be effectively extracted 
from a proof of T. And complete in the sense that every interactive number-theoretic problem with a 
polynomial time solution is represented by some theorem T of the system. 

The paper is self-contained, and can be read without any prior familiarity with computability logic. 
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1 Introduction 

Computability logic (CL), introduced in |11 [I151[^ , is a semantical, matiiematical and philosophical platform, 
and an ambitious program, for redeveloping logic as a formal theory of computability, as opposed to the 
formal theory of truth which logic has more traditionally been. Under the approach of CL, formulas represent 
computational problems, and their "truth" is seen as algorithmic solvability. In turn, computational problems 
— understood in their most general, interactive sense — are defined as games played by a machine against 
its environment, with "algorithmic solvability" meaning existence of a machine that wins the game against 
any possible behavior of the environment. And an open-ended collection of the most basic and natural 
operations on computational problems forms the logical vocabulary of the theory. With this semantics, CL 
provides a systematic answer to the fundamental question "w/iai can be computed?" , just as classical logic 
is a systematic tool for telling what is true. Furthermore, as it turns out, in positive cases "w/iat can be 
computed" always allows itself to be replaced by "/low can be computed" , which makes CL of potential 
interest in not only theoretical computer science, but many more applied areas as well, including interactive 
knowledge base systems, resource oriented systems for planning and action, or declarative programming 
languages. 

While potential applications have been repeatedly pointed out and outlined in introductory papers on 
CL, so far all technical efforts had been mainly focused on finding axiomatizations for various fragments 
of this semantically conceived and inordinately expressive logic. Considerable advances have already been 
made in this direction ([I1]-[T5, Hi], [H]), and more results in the same style are probably still to 

come. It should be however remembered that the main value of CL, or anything else claiming to be a "Logic" 
with a capital "L" , will eventually be determined by whether and how it relates to the outside, extra-logical 
world. In this respect, unlike many other systems officially qualified as "logics", the merits of classical logic 
are obvious, most eloquently demonstrated by the fact that applied formal theories, a model example of 
which is Peano arithmetic PA, can be and have been successfully based on it. Unlike pure logics with their 
meaningless symbols, such theories are direct tools for studying and navigating the real world with its non- 
man-made, meaningful objects, such as natural numbers in the case of arithmetic. To make this point more 
clear to a computer scientist, one could compare a pure logic with a programming language, and applied 
theories based on it with application programs written in that language. A programming language created 
for its own sake, mathematically or esthetically appealing but otherwise unusable as a general-purpose, 
comprehensive basis for application programs, would hardly be of much interest. 

So, in parallel with studying possible axiomatizations and various metaproperties of pure computability 
logic, it would certainly be worthwhile to devote some efforts to justifying its right on existence through 
revealing its power and appeal as a basis for applied theories. First and so far the only concrete steps 
in this direction have been made only very recently in [5S], where a CL-based system CLAl of (Peano) 
arithmetic was constructed0 Unlike its classical-logic-based counterpart PA, CLAl is not merely about 
what arithmetical facts are irwe, but about what arithmetical problems can be actually computed or effectively 
solved. More precisely, every formula of the language of CLAl expresses a number-theoretic computational 
problem (rather than just a true/false fact), every theorem expresses a problem that has an algorithmic 
solution, and every proof encodes such a solution. Does not this sound exactly like what the constructivists 
have been calling for? 

Unlike the mathematical or philosophical constructivism, however, and even unlike the early-day the- 
ory of computation, modern computer science has long understood that, what really matters, is not just 
computability, but rather efficient computability. So, the next natural step on the road of revealing the im- 
portance of CL for computer science would be showing that it can be used for studying efficient computability 

^The paper |28| (in Chinese) is apparently another exception, focused on applications of CL in AI. 
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just as successfully as for studying computability-in-principle. Anyone familiar with the earlier work on CL 
could have found reasons for optimistic expectations here. Namely, every provable formula of any of the 
known sound axiomatizations of CL happens to be a scheme of not only "always computable" problems, 
but "always efficiently computable" problems just as well, whatever efficiency exactly mens in the context of 
interactive computation that CL operates in. That is, at the level of pure logic, computability and efficient 
computability yield the same classes of valid principles. The study of logic abounds with phenomena in this 
style. One example would be the well known fact about classical logic, according to which validity with 
respect to all possible models is equivalent to validity with respect to just models with countable domains. 

At the level of reasonably expressive applied theories, however, one should certainly expect significant dif- 
ferences depending on whether the underlying concept of interest is efficient computability or computability- 
in-principle. For instance, the earlier-mentioned system CLAl proves formulas expressing computable but 
not always efficiently computable arithmetical problems. The purpose of the present paper is to construct a 
CL-based system for arithmetic which, unlike CLAl, proves only efficiently — specifically, polynomial time 
— computable problems. The new applied formal theory PTA (^^ptarithmetid\ short for "polynomial time 
arithmetic") presented in Section [T2l achieves this purpose. 

Just like CLAl, our present system PTA is not only a cognitive, but also a problem-solving tool: in 
order to find a solution for a given problem, it would be sufficient to write the problem in the language of 
the system, and find a proof for it. An algorithmic solution for the problem then would automatically come 
together with such a proof. However, unlike the solutions extracted from CLAl-proofs, which might be 
intractable, the solutions extracted from PTA-proofs would always be efficient. 

Furthermore, PTA turns out to be not only sound, but also complete in a certain reasonable sense that 
we call extensional completeness. According to the latter, every number-theoretic computational problem 
that has a polynomial time solution is represented by some theorem of PTA. Taking into account that 
there are many ways to represent the same problem, extensional completeness is weaker than what can be 
called intensional completeness, according to which any formula representing an (efficiently) computable 
problem is provable. In these terms, Godel's celebrated theorem, here with "truth" = "computability" , is 
about intensional rather than extensional incompleteness. In fact, extensional completeness is not at all 
interesting in the context of classical-logic-based theories such as PA. In such theories, unlike computability- 
logic-based theories, it is trivially achieved, as the provable formula T represents every true sentence. 

Syntactically, our PTA is an extension of PA, and the semantics of the former is a conservative general- 
ization of the semantics of the latter. Namely, the formulas of PA, which form only a proper subclass of the 
formulas of PTA, are seen as special, "moveless" sorts of problems/games, automatically solved/won when 
true and failed/lost when false. This makes the classical concept of truth just a special case of computability 
in our sense — it is nothing but computability restricted to (the problems represented) by the traditional 
sorts of formulas. And this means that Godel's incompleteness theorems automatically extend from PA to 
PTA, so that, unlike extensional completeness, intensional completeness in PTA or any other sufficiently 
expressive CL-based applied theory is impossible to achieve in principle. As for CLAl, it turns out to be 
incomplete in both senses. Section [21] shows that any sufficiently expressive sound system would be (not 
only intensionally but also) extensionally incomplete, as long as the semantics of the system is based on 
unrestricted (as opposed to, say, efficient) computability. 

Among the main moral merits of the present investigation and its contributions to the overall CL project 
is an illustration of the fact that, in constructing CL-based applied theories, successfully switching from 
computability to efficient computability is possible and even more than just possible. As noted, efficient 
computability, in fact, turns out to be much better behaved than computability-in-principle: the former 
allows us to achieve completeness in a sense in which the latter yields inherent incompleteness. 

An advanced reader will easily understand that the present paper, while focused on the system PTA of 
(pt)arithmetic, in fact is not only about arithmetic, but also just as much about CL-based applied theories 
or knowledge base systems in general, with PTA only serving as a model example of such systems and a 
starting point for what may be a separate (sub)line of research within the CL enterprise. Generally, the 
nonlogical axioms or the knowledge base of a CL-based applied system would be any collection of (formulas 
expressing) problems whose algorithmic or efficient solutions are known. Sometimes, together with nonlogical 
axioms, we may also have nonlogical rules of inference, preserving the property of computability or efficient 
computability. An example of such a rule is the polynomial time induction (PTI) rule of PTA. Then, the 
soundness of the corresponding underlying axiomatization of CL (in our present case, it is system CL3 studied 
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in [in]) — which usually comes in the strong form called uniform- constructive soundness — guarantees that 
every theorem T of the theory also has an effective or efficient solution and that, furthermore, such a solution 
can be effectively extracted from a proof of T. It is this fact that, as mentioned, makes CL-based systems 
problem-solving tools. 

Having said the above, motivationally (re)introducing and (re)justifying computability logic is not among 
the goals of the present paper. This job has been done in [11] [121 HI]; and the reader would benefit from 
getting familiar with any of those pieces of literature first, of which most recommended is the first 10 tutorial- 
style sections of [51]. While helpful in fully appreciating the import of the present results, however, from the 
purely technical point of view, such familiarity is not necessary, as this paper provides all relevant definitions. 

2 An informal overview of the main operations on games 

As noted, formulas in CL represent computational problems. Such problems are understood as games 
between two players: T, called machine, and _L, called environment. T is a mechanical device with a 
fully determined, algorithmic behavior. On the other hand, there are no restrictions on the behavior of _L. 
A given machine is considered to be solving a given problem iff it wins the corresponding game no matter 
how the environment acts. 

Standard atomic sentences, such as "0 = 0" or "Peggy is John's mother", are understood as special sorts 
of games, called elementary. There are no moves in elementary games, and they are automatically won or 
lost. Specifically, the elementary game represented by a true sentence is won (without making any moves) 
by the machine, and the elementary game represented by a false sentence is won by the environment. 

Logical operators are understood as operations on games/problems. One of the important groups of such 
operations, called choice operations, comprises n , U , U. These are called choice conjunction, choice 
disjunction, choice universal quantifier and choice existential quantifier, respectively. Aq n Ai is a 
game where the first legal move ("choice"), which should be either or 1, is by _L. After such a move/choice 
i is made, the play continues and the winner is determined according to the rules of Af, if a choice is never 
made, _L loses. Aq U Ai is defined in a symmetric way with the roles of _L and T interchanged: here it is 
T who makes an initial choice and who loses if such a choice is not made. With the universe of discourse 
being {0, 1, 10, 11, 100, . . .} (natural numbers identified with their binary representations), the meanings of 
the quantifiers □ and U can now be explained by 

\lxA{x) = A{0) n A{1) n A{10) n A(ll) n A(IOO) n . . . 

and 

UxA{x) = A{0) u A{1) u A{10) u A(ll) u A(IOO) u . . . . 

So, for example, 

\~\x(^Prime{x) U Composite{x)) 

is a game where the first move is by the environment. Such a move should consist in selecting a particular 
number n for x, intuitively amounting to asking whether n is prime or composite. This move brings the 
game down to (in the sense that the game continues as) 

Prime(n) U C'omposite{n). 

Now the machine has to move, or else it loses. The move should consist in choosing one of the two disjuncts. 
Let us say the left disjunct is chosen, which further brings the game down to Prime(n). The latter is an 
elementary game, and here the interaction ends. The machine wins iff it has chosen a true disjunct. The 
choice of the left disjunct by the machine thus amounts to claiming/ answering that n is prime. Overall, as 
we see, nx(^Prime{x) U Composite{x)^ represents the problem of deciding the priniality questionjfj 
Similarly, 

nxnyL\z{z = x X y) 

^For simplicity, here we treat "Composite" as the complement of "Prime", even though, strictly speaking, this is not quite 
so: the numbers and 1 are neither prime nor composite. Writing "Nonprime" instead of "Composite" would easily correct 
this minor inaccuracy. 
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is the problem of eompiiting the; product of any two numbers. Here the first two moves arc by tlic environ- 
ment, which selects some particular m = x and n = y, thus asking the machine to tell what the product of m 
and n is. The machine wins if and only if, in response, it selects a (the) number k for z such that k = m-<n. 

The present paper replaces the above-described choice quantifiers □ and U with their bounded coun- 
terparts n'' and U'', where b is a variable. These are the same as □ and U, with the difference that the 
choice here is limited only to the objects of the universe of discourse whose sizes do not exceed a certain 
bound, which is represented by the variable fa. So, n'^xA{x) is essentially the same as nx{\x\<b^A{x)) 
and L\^xA{x) is essentially the same as Ux(|a;|<fa A^(a;)), where (the meanings of -> , A will be explained 
shortly and) |a;| <fa means "the size of x does not exceed b". As we are going to see later, it is exactly the 
value of b with respect to which the computational complexity of games will be measured. 

Another group of game operations dealt with in this paper, two of which have already been used in 
the previous paragraph, comprises -i, A , V , -> . Employing the classical symbols for these operations is no 
accident, as they axe conservative generalizations of the corresponding Boolean operations from elementary 
games to all games. 

Negation -> is a role-switch operation: it turns T's moves and wins into _L's moves and wins, and vice 
versa. Since elementary games have no moves, only the winners are switched there, so that, as noted, ^ acts 
just as the ordinary classical negation. For instance, as T is the winner in + 1 = 1, the winner in -iO + l = l 
will be _L. That is, T wins the negation -lA of an elementary game A iff it loses A, i.e., if A is false. As 
for the meaning of negation when applied to nonelementary games, at this point it may be useful to observe 
that -I interacts with choice operations in the kind old DeMorgan fashion. For example, it would not be 
hard to see that 

-ir\xr\yUz{z=x>(y) = UxUynz{z^x>(y). 

The operations A and V are called parallel conjunction and parallel disjunction, respectively. 
Playing Aq aAi (resp. AqV Ai) means playing the two games in parallel where, in order to win, T needs 
to win in both (resp. at least one) of the components Ai. It is obvious that, just as in the case of negation, 
A and V act as classical conjimction and disjunction when applied to elementary games. For instance, 
+ l = lvOxl = l is a game automatically won by the machine. There are no moves in it as there are no 
moves in either disjunct, and the machine is an automatic winner because it is so in the left disjunct. To 
appreciate the difference between the two — choice and parallel — groups of connectives, compare 

nx(Prime{x) u -yPriTne{x)) 

and 

nx(Prim,e{x) V -iPrim,e{x)) . 

The former is a computationally nontrivial problem, existence of an easy (polynomial time) solution for 
which had remained an open question until a few years ago. As for the latter, it is trivial, as the machine 
has nothing to do in it: the first (and only) move is by the environment, consisting in choosing a number n 
for X. Whatever n is chosen, the machine wins, as PriTne{n) V -iPrime{n) is a true sentence and hence an 
automatically T-won elementary game. 

The operation , called reduction, is defined hy A—i- B — {^A) V B. Intuitively, this is indeed the 
problem of reducing B to A: solving A^ B means solving B while having A as an external computational 
resource. Resources are symmetric to problems: what is a problem to solve for one player is a resource that 
the other player can use, and vice versa. Since A is negated in {-^A) V B and negation means switching the 
roles, A appears as a resource rather than problem for T in A — >■ i3. 

Consider VAxVAy{y = x^). Anyone who knows the definition of x^ in terms of x (but perhaps does not 
know the meaning of multiplication, or is unable to compute this function for whatever reason) would be 
able to solve the problem 

V\zV\uVAv{v = zxu) — >• V\xVAy{y = x'^), (1) 

i.e., the problem 

V-\zV-\u'r\v{v^z^u) V r\x'L\y{y = x'^), 

as it is about reducing the consequent to the antecedent. A solution here goes like this. Wait till the 
environment specifies a value n for x, i.e. asks "what is the square of n?". Do not try to immediately 
answer this question, but rather specify the same value n for both z and u, thus asking the counterquestion: 
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"what is n times n?" . The environment wih have to provide a correct answer m to this counterquestion 
(i.e., specify w as m where m = nxn), or else it loses. Then, specify y as m, and rest your case. Note 
that, in this solution, the machine did not have to compute multiplication, doing which had become the 
environment's responsibility. The machine only correctly reduced the problem of computing square to the 
problem of computing product, which made it the winner. 

Another group of operations that play an important role in CL comprises V and its dual 3 (with 3xA(x) — 
-<\fx^A{x)), called blind universal quantifier and blind existential quantifier, respectively. yxA{x) 
can be thought of as a "version" of nxA{x) where the particular value of x that the environment selects is 
invisible to the machine, so that it has to play blindly in a way that guarantees success no matter what that 
value is. 

Compare the problems 

r\x{Even{x) U Odd{x)) 

and 

Vx[Even{x) U Odd{x)). 

Both of them are about telling whether a given number is even or odd; the difference is only in whether that 
"given number" is known to the machine or not. The first problem is an easy-to-win, two-move-deep game 
of a structure that we have already seen. The second game, on the other hand, is one-move deep with only 
the machine to make a move — select the "true" disjunct, which is hardly possible to do as the value of x 
remains unspecified. 

Just like all other operations for which we use classical symbols, the meanings of V and 3 are exactly classi- 
cal when applied to elementary games. Having this full collection of classical operations makes coniputability 
logic a generalization and conservative extension of classical logic. 

Going back to an earlier example, even though ([1]) expresses a "very easily solvable" problem, that 
formula is still not logically valid. Note that the successfulness of the reduction strategy of the consequent to 
the antecedent that we provided for it relies on the nonlogical fact that x^=xxx. That strategy would fail in 
a general case where the meanings of x'^ and xxx may not necessarily be the same. On the other hand, the 
goal of CL as a general-purpose problem-solving tool should be to allow us find purely logical solutions, i.e., 
solutions that do not require any special, domain-specific knowledge and (thus) would be good no matter 
what the particular predicate or function symbols of the formulas mean. Any knowledge that might be 
relevant should be explicitly stated and included either in the antecedent of a given formula or in the set 
of axioms ("implicit antecedents" for every potential formula) of a CL-based theory. In our present case, 
formula (P) easily turns into a logically valid one by adding, to its antecedent, the definition of square in 
terms of multiplication: 

'^w[w'^ =w X w) a\~\z\~\uUv{v = z X u) \~\xL\y{y = x'^). (2) 

The strategy that we provided earlier for ([1]) is just as good for with the difference that it is successful 
for (m no matter what x'^ and zxu mean, whereas, in the case of ([T]), it was guaranteed to be successful 
only under the standard arithmetic interpretations of the square and product functions. Thus, our strategy 
for (21) is, in fact, a "purely logical" solution. Again, among the purposes of computability logic is to serve 
as a tool for finding such "purely logical" solutions, so that it can be applied to any domain of study rather 
than specific domains such as that of arithmetic, and to arbitrary meanings of nonlogical symbols rather 
than particular meanings such as that of the multiplication function for the symbol x . 

The above examples should not suggest that blind quantifiers are meaningful or useful only when applied 
to elementary problems. The following is an example of an effectively winnable nonelementary V-game: 

yy(^Even{y) U Odd{y) nx(Even{x + y) U Odd{x + y))^ . (3) 

Solving this problem, which means reducing the consequent to the antecedent without knowing the value of 
y, is easy: T waits till _L selects a value n for x, and also tells — by selecting a disjunct in the antecedent — 
whether y is even or odd. Then, if n and y are both even or both odd, T chooses the first U -disjunct in the 
consequent, otherwise it chooses the second U -disjunct. Replacing the Vy prefix by Fly would significantly 
weaken the problem, obligating the environment to specify a value for y. Our strategy does not really need 
to know the exact value of y, as it only exploits the information about y's being even or odd, provided by 
the antecedent of the formula. 
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Many more — natural, meaningful and useful — operations beyond the ones discussed in this section 
have been introduced and studied in computability logic. Here we have only surveyed those that are relevant 
to our present investigation. 

3 Constant games 

Now we are getting down to formal definitions of the concepts informally explained in the previous section. 

To define games formally, we need some technical terms and conventions. Let us agree that by a move 
we mean any finite string over the standard keyboard alphabet. A labeled move (labmove) is a move 
prefixed with T or ±, with such a prefix (label) indicating which player has made the move. A run is a 
(finite or infinite) sequence of labmoves, and a position is a finite run. 

Convention 3.1 We will be exclusively using the letters F, A, $ for runs, and a, (5 for moves. The letter p 
will always be a variable for players, and 

P 

will mean "p's adversary" ("the other player"). Runs will be often delimited by "(" and ")", with () thus 
denoting the empty run. The meaning of an expression such as ($, pa,T) must be clear: this is the result 
of appending to the position ($) the labmove (pa) and then the run (F). 

The following is a formal definition of what we call constant games, combined with some less formal 
conventions regarding the usage of certain terminology. 

Definition 3.2 A constant game is a pair A = (Lr'^, Wn^), where: 

1. Lr"^ is a set of runs satisfying the condition that a (finite or infinite) run is in Lr-^ iff all of its 
nonempty finite initial segments are in Lr"* (notice that this implies () G Lr'^). The elements of Lr"^ are 
said to be legal runs of A, and all other runs are said to be illegal. We say that a is a legal move for 
p in a position $ of A iff pa) G Lr^; otherwise a is illegal. When the last move of the shortest illegal 
initial segment of F is p-labeled, we say that F is a p-illegal run of A. 

2. Wn^ is a function that sends every run F to one of the players T or ±, satisfying the condition that 
if F is a p-illegal run of A^ then Wn'^(F) = p. When Wn'^(F) = p, we say that F is a p-won (or won by 
p) run of A] otherwise F is lost by p. Thus, an illegal run is always lost by the player who has made the 
first illegal move in it. 

An important operation not explicitly mentioned in Section [5] is what is called prefixation. This operation 
takes two arguments: a constant game A and a position $ that must be a legal position of A (otherwise 
the operation is undefined), and returns the game {'^)A. Intuitively, {^)A is the game playing which means 
playing A starting (continuing) from position <&. That is, {^)A is the game to which A evolves (will be 
"brought down") after the moves of $ have been made. We have already used this intuition when explaining 
the meaning of choice operations in Section [51 we said that after _L makes an initial move i e {0, 1}, the 
game ^on^i continues as Ai. What this meant was nothing but that (_Li) (Aq n Ai ) = A-i. Similarly, 
(Tz)(ylo U Ai) = Ai. Here is a definition of prefixation: 

Definition 3.3 Let yl be a constant game and $ a legal position of A. The game {^)A is defined by: 

. LrW^ = {F| ($,F)GLr'^}; 

• WnW'^(F) = Wn^($,F). 

Convention 3.4 A terminological convention important to remember is that we often identify a legal po- 
sition <i> of a game A with the game {^)A. So, for instance, we may say that the move 1 by _L brings the 
game Bq n Bi down to the position Bi. Strictly speaking, Bi is not a position but a game, and what is a 
position is (-L1), which we here identified with the game Bi = (±l)(i3o n Bi). 

We say that a constant game A is finite-depth iff there is an integer d such that no legal run of A 
contains more than d labmoves. The smallest of such integers d is called the depth of A. An elementary 
game is a game of depth 0. 
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In this paper wih exclusively deal with finite-depth games. This restriction of focus makes many defini- 
tions and proofs simpler. Namely, in order to define a finite-depth-preserving game operation 0{Ai, . . . , An) 
applied to such games, it suffices to specify the following: 

(i) Who wins 0{Ai, . . . , An) if no moves are made, i.e., the value of Wn'^'-"^^' ' ''^"-'(). 

(ii) What arc the initial legal (lab)moves, i.e., the elements of {pa \ {pa) G Lr*^'"*^' "''^"''}, and to what 

game is 0{Ai, . . . , An) brought down after such an initial legal labmove pa is made. Recall that, by 
saying that a given labmove pa brings a given game A down to B, we mean that (pa) A = B. 

Then, the set of legal runs of 0{Ai , . . . , An) will be uniquely defined, and so will be the winner in every legal 
(and hence finite) run of the game. 

Below we define a number of operations for finite-depth games only. Each of these operations can be 
easily seen to preserve the finite-depth property. Of course, more general definitions of these operations — 
not restricted to finite-depth games — do exist (see, e.g., [H]), but in this paper we are trying to keep things 
as simple as possible, and reintroduce only as much of computability logic as necessary. 

Definition 3.5 Let A, B, Aq, Ai, . . . be finite-depth constant games, and rt be a positive integer. 

1. -^A is defined by: 

(i) Wn^^O = p iflt Wn-^O = p. 

(ii) (pa) G hr^^ iff (pa) G hr^. Such an initial legal labmove pa brings the game down to 
-.(pa) A. 

2. ^0 n . . . n y4„ is defined by: 

(i) Wn^^^-^-^-O = T. 

(ii) (pa) G Lr^" n ... n a„ jff p = _|_ and a = i G {0, . . . , n}^ Such an initial legal labmove J-i 
brings the game down to A^. 

3. ^0 A ... A An is defined by: 

(i) Wn-^" ^ - ^ ^" = T iff, for each i G {0, . . . , n}, Wn^' () = T. 

(ii) (pa) G Lr-^"^---^^" iff a = where i G {0, . . . , n} and (p^) G Lr^'. Such an initial 
legal labmove pi.p brings the game down to 

AqA ... A Ai_i A (p/3)A, A Ai + i A ... AAn. 

4. AqU . . . U An and AqV ... V An are defined exactly as Aq n . . . n An and Aq A ... A An, respectively, 
only with "T" and "_L" interchanged. 

5. In addition to the earlier-established meanings, the symbols T and -L also denote two special — simplest 
— constant games, defined by Wn^() — T, Wn^() = ± and Lr^ = Lr^ = {()}. 

6. A^ B is treated as an abbreviation of {^A) V B. 
Example 3.6 The game (0 = n = 1) ^ (10 = 11 n 10 = 10), i.e. 

-,(0 = n = 1) V (10=11 n 10=10), 

has thirteen legal runs, which are: 

1 (). It is won by T, because T is the winner in the right V -disjunct (consequent). 

^According to our conventions, such a natural number i is identified with its binary representation. The same apphes to the 
other clauses of this definition. 
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2 (TO.O). (The labmovc of) this run brings the game down to -iO=0 V (10 = 11 n 10 = 10), and T is the winner 

for the same reason as in the previous case. 

3 (TO.l). It brings the game down to -i0 = l V (10 = 11 n 10 = 10), and T is the winner because it wins in both 

V-disjuncts. 

4 (±1.0). It brings the game down to ^(0 = OnO = l) V 10 = 11. T loses as it loses in both V-disjuncts. 

5 (_L1.1). It brings the game down to ^(0 = n = 1) V 10= 10. T wins as it wins in the right V-disjimct. 

6-7 (TO.O, _L1.0) and (_L1.0, TO.O). Both bring the game down to the false -.0 = V 10 = 11, and both are lost 
by T. 

8-9 (TO.l, -Ll.O) and (-L1.0, TO.l). Both bring the game down to the true -iO = l V 10 = 11, which makes T 
the winner. 

10-11 (TO.O, ±1.1) and (_L1.1, TO.O). Both bring the game down to the true -.0 = V 10 = 10, so T wins. 
12-13 (TO.l, _L1.1) and (_L1.1, TO.l). Both bring the game down to the true -.0 = 1 V 10 = 10, so T wins. 

4 Games as generalized predicates 

Constant games can be seen as generalized propositions: while propositions in classical logic are just elements 
of {T, _L}, constant games are functions from runs to {T, _L}. As we know, however, propositions only offer 
a very limited expressive power, and classical logic needs to consider the more general concept of predicates, 
with propositions being nothing but special — constant — cases of predicates. The situation in computability 
logic is similar. Our concept of a (simply) game generalizes that of a constant game in the same sense as the 
classical concept of a predicate generalizes that of a proposition. 
We fix an infinite set of expressions called variables: 

{lD0,ft)l,ft)2,tt)3,---}- 

The letters 

x,y,z,s,r,t,u,v,w 
will be used as metavariables for these variables. The Gothic letter 

b 

will be exclusively used as a metaname for the variable tOo, which is going to have a special status throughout 
our entire treatment. 

We also fix another infinite set of expressions called constants: 

{0, 1, 10, 11, 100, 101, 110, 111, 1000, . . .}. 

These are thus binary numerals the strings matching the regular expression U 1(0 U 1)*. We will be 
typically identifying such strings by some rather innocent abuse of concepts — with the natural numbers 
represented by them in the standard binary notation, and vice versa. The above collection of constants is 
going to be exactly the universe of discourse — i.e., the set over which the variables range — in all cases 
that we consider. We will be mostly using a, b, c, d as metavariables for constants. 

By a valuation we mean a function e that sends each variable x to a constant e{x). In these terms, a 
classical predicate p can be understood as a function that sends each valuation e to a proposition, i.e., to a 
constant predicate. Similarly, what we call a game sends valuations to constant games: 

Definition 4.1 A game is a function A from valuations to constant games. We write e[A] (rather than 
A{e)) to denote the constant game returned by A for valuation e. Such a constant game e[A] is said to be 
an instance of A. For readability, we usually write Lr^ and Wn^ instead of Lr'^'"^' and Wn'^'"^'. 
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Just as this is the case with propositions versus predicates, constant games in the sense of Definition 
13.21 will be thought of as special, constant cases of games in the sense of Definition 14.11 In particular, each 
constant game A' is the game A such that, for every valuation e, e[A] = A' . From now on we will no longer 
distinguish between such A and A' , so that, if A is a constant game, it is its own instance, with A — e[A] 
for every e. 

Where n is a natural number, we say that a game A is n-ary iff there is are n variables such that, for 
any two valuations ei and 62 that agree on all those variables, we have ei[A] — 62 [A]. Generally, a game 
that is n-ary for some n, is said to be finitary. Our paper is going to exclusively deal with finitary games 
and, for this reason, we agree that, from now on, when we say "game", we usually mean "finitary game". 

We say that a game A depends on a variable x iff there are two valuations 61,62 that agree on all 
variables except x such that ei[A] ^ 62 [A]. An n-ary game thus depends on at most n variables. And 
constant games are nothing but 0-ary games, i.e., games that do not depend on any variables. 

We say that a (not necessarily constant) game A is elementary iff so are all of its instances e[A]. And 
we say that A is finite-depth iff there is a (smallest) integer d, called the depth of A, such that the depth 
of no instance of A exceeds d. 

Just as constant games are generalized propositions, games can be treated as generalized predicates. 
Namely, we will see each predicate p of whatever arity as the same-arity elementary game such that, for 
every valuation e, Wn^O = T iff p is true at e. And vice versa: every elementary game p will be seen 
as the same-arity predicate which is true at a given valuation e iff WnJ^() — T. Thus, for us, "predicate" 
and "elementary game" are going to be synonyms. Accordingly, any standard terminological or notational 
conventions familiar from the literature for predicates also apply to them seen as elementary games. 

Just as the Boolean operations straightforwardly extend from propositions to all predicates, our opera- 
tions ^, A , V , — ^ , n , U extend from constant games to all games. This is done by simply stipulating that 
e[. . .] commutes with all of those operations: -^A is the game such that, for every valuation e, e[-^A] ~ -^e[A]; 
An B is the game such that, for every e, e[A n B] = e[A] n e[B]; etc. 

The operation of prefixation also extends to nonconstant games: {^)A should be understood as the unique 
game such that, for every e, e[{^)A] = {^)e[A]. However, unlike the cases with all other operations, {^)A, 
as a function from valuations to constant games, may be partial even if A is total. Namely, it will be defined 
only for those valuations e for which we have $ € Lr^. Let us call not-always-defined "games" partial (as 
opposed to the total games of Definition 14. ip . In the rare cases when we write (<&) A for a non-constant game 
A (which always happens in just intermediate steps), it should be remembered that possibly we are dealing 
with a partial rather than a total game. Otherwise, the default meaning of the word "game" is always a 
total game. 

Definition 4.2 Let A be a game, xi, . . . , a;„ be pciirwisc distinct variables, cinci ci, . . . , Cn be constants. The 
result of substituting xi, . . . ,Xn by ei, . . . , c„ in ^, denoted A{xi/ci, . . . , Xn/cn), is defined by stipulating 

that, for every valuation 6, e[A{xi/ci, . . . ,Xn/cn)] = e'[A], where e' is the valuation that sends each Xi to Ci 
and agrees with e on all other variables. 

Following the standard readability-improving practice established in the literature for predicates, we will 
often fix pairwise distinct variables xi, . . . , x„ for a game A and write A as A{xi, . . . , a;„). Representing A in 
this form sets a context in which we can write ^(ei, . . . , e„) to mean the same as the more clumsy expression 

A{xi/Ci,. . .,X„/Cn)- 

Definition 4.3 Below x is an arbitrary variable other than b, and A{x) is an arbitrary finite-depth game. 

1. We define \~\^xA{x) = L\^xA{x) — A{0) and, for any positive integer b, with 1^ standing for the binary 
numeral consisting of b "l"s, we define the games \l^xA{x) and L\''xA{x) as follows: 

\l^xA{x) = A{0) n A{1) n A{10) n A{11) n A(IOO) n A(lOl) n . . . n ^(l''); 

U''xA{x) = A{0) u ^(1) u A(10) u yl(ll) u yl(lOO) u yl(lOl) u . . . u A{l''). 

2. Using the above notation, we define 

n^xA{x) 

as the unique game such that, for any valuation 6, 6[n''a;yl(a::)] = 6[n''a;yl(a;)], where b — e(b). Similarly, 

L\''xA{x) 
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is the unique game such that, for any valuation e, e[U''xA(x)] — e[\-\^xA(x)], where b — e(b). and 
U'' are said to be bounded choice universal quantifier and bounded choice existential quantifier, 
respectively. 

As we see, n'' and U'' are like the ordinary choice quantifiers □ , U of computability logic explained in 
Section [21 with the only difference that the size of a constant chosen for x in □''a; or U^'x should not exceed 
the value of b. (The case of that value being is a minor technical exception which can be safely forgotten.) 

Convention 4.4 Because throughout the rest of this paper we exclusively deal with the bounded choice 
quantifiers (and never with the ordinary U discussed in Section [2]), and because the variable b is 

fixed and is the same everywhere, we agree that, from now on, when we write □ or U, we always mean 
or U'', respectively. 

This is not a change of interpretation of Fl, U but rather some, rather innocent, abuse of notation. 

We will say that a game A is unistructural iff, for any two valuations ei and 62 that agree on b, we 
have Lrf^ = Lrf^. Of course, all constant or elementary games are unistructural. It can also be easily seen 
that all our game operations preserve the unistructural property of games. For the purposes of the present 
paper, considering only unistructural games would be sufficient. 

We define the remaining operations V and 3 only for unistructural games: 

Definition 4.5 Let x be a variable other than b, and A{x) be a finite-depth unistructural game. 
1. \fxA{x) is defined by stipulating that, for every valuation e, player p and move a, we have: 

(i) Wn^^^(^)() = T iff, for every constan10 c, Wn^(")() = T. 

(ii) (pa) e j^jy^M^) jff (po;) G Lr^'-^\ Such an initial legal labmove pa brings the game 
e\\/xA{x)] down to e[\/x{pa)A{x)]. 



2. 3xA{x) is defined in exactly the same way, only with T and _L interchanged. 

It is worth noting that \fxA(x) and 3xA(x) are total even if the game {pa)A{x) used in their definition 
is only partial. 

Example 4.6 Let G be the game (jS]) discussed earlier in Section [2] (only, now □ seen as □''), and let e be a 
valuation with e(b) = 10. The sequence (11.11, 10.0, Tl.l) is a legal run of e[G], the effects of the moves 
of which are shown below: 

e[G] : \fy(^Even{y) U Odd{y) ^ n^°x{Even{x + y) U Odd{x + y))'j 

(ll.ll)e[G] : Wy(Even{y) U Odd{y) ^ Even{n + y) U Odd{n+y)) 

(11.11, 10.0)e[G'] : yylEven{y) ^ Even{ll+y) U Odd{ll + y)) 

(11.11, 10.0, Tl.l)e[G] : yy{Even{y) Odd{ll + y)) 

The play hits (ends as) the true proposition \fy(^Even{y) — > Odd{ll+y)^ and hence is won by T. 

Before closing this section, we want to make the rather straightforward observation that the DeMorgan 
dualities hold for all of our sorts of conjunctions, disjunctions and quantifiers, and so does the double negation 
principle. That is, we always have: 

-.^A ^ A: 



-^{AaB) = ^Ay^B 
-^{AnB) = ^Au^B 
-NxA{x) = 3x^A{x) 
-.nxA{x) = Ux^A{x) 



-^{AwB) = -^Aa^B; 
n(AuB) = -^An^B; 
-^3xA{x) = yx^A{x); 
-.L\xA{x) = \lx^A{x). 



■^It is important to note that, unlike the case with the choice quantifiers, here we are not imposing any restrictions on the 
size of such a constant. 
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5 Algorithmic strategies through interactive machines 



In traditional game-semantical approaches, including Blass's [3j |4] approach which is the closest precursor 
of ours, player's strategies are understood as functions — typically as functions from interaction histories 
(positions) to moves, or sometimes ([T]) as functions that only look at the latest move of the history. 
This strategies- as- functions approach, however, is inapplicable in the context of computability logic, whose 
relaxed semantics, in striving to get rid of any "bureaucratic pollutants" and only deal with the remaining 
true essence of games, does not impose any regulations on which player can or should move in a given 
situation. Here, in many cases, either player may have (legal) moves, and then it is unclear whether the next 
move should be the one prescribed by T's strategy function or the one prescribed by the strategy function 
of X. In fact, for a game semantics whose ambition is to provide a comprehensive, natural and direct tool 
for modeling interaction, the strategies-as-functions approach would be simply less than adequate, even if 
technically possible. This is so for the simple reason that the strategies that real computers follow are not 
functions. If the strategy of your personal computer was a function from the history of interaction with you, 
then its performance would keep noticeably worsening due to the need to read the continuously lengthening 
— and, in fact, practically infinite — interaction history every time before responding. Fully ignoring that 
history and looking only at your latest keystroke in the spirit of T! is also certainly not what your computer 
does, either. 

In computability logic, (T's effective) strategies are defined in terms of interactive machines, where com- 
putation is one continuous process interspersed with — and infiuenced by — multiple "input" (environment's 
moves) and "output" (machine's moves) events. Of several, seemingly rather different yet equivalent, machine 
models of interactive computation studied in CL, here we will employ the most basic, HPM ("Hard-Play 
Machine") model. 

An HPM is nothing but a Turing machine with the additional capability of making moves. The adversary 
can also move at any time, with such moves being the only nondeterministic events from the machine's 
perspective. Along with the ordinary work tape, the machine has two additional tapes called the valuation 
tape and the run tape. The valuation tape, serving as a static input, spells some (arbitrary but fixed) 
valuation applied to the game. And the run tape, serving as a dynamic input, at any time spells the 
"current position" of the play. The role of these two tapes is to make both the valuation and the run fully 
visible to the machine. 

In these terms, an algorithmic solution (T's winning strategy) for a given game A is understood as an 
HPM A4 such that, no matter how the environment acts during its interaction with A4 (what moves it makes 
and when), and no matter what valuation e is spelled on the valuation tape, the run incrementally spelled 
on the run tape is a T-won run of e[A]. 

As for ±'s strategies, there is no need to define them: all possible behaviors by _L are accounted for by 
the different possible nondeterministic updates of the run tape of an HPM. 

In the above outline, we described HPMs in a relaxed fashion, without being specific about technical 
details such as, say, how, exactly, moves are made by the machine, how many moves either player can 
make at once, what happens if both players attempt to move "simultaneously", etc. As it turns out, all 
reasonable design choices yield the same class of winnable games as long as we consider a certain natural 
subclass of games called static. Such games are obtained by imposing a certain simple formal condition on 
games (see, e.g.. Section 5 of [21]), which we do not reproduce here as nothing in this paper relies on it. 
We shall only point out that, intuitively, static games are interactive tasks where the relative speeds of the 
players are irrelevant, as it never hurts a player to postpone making moves. In other words, static games are 
games that are contests of intellect rather than contests of speed. And one of the theses that computability 
logic philosophically relies on is that static games present an adequate formal counterpart of our intuitive 
concept of "pure" , speed-independent interactive computational problems. Correspondingly, computability 
logic restricts its attention (more specifically, possible interpretations of the atoms of its formal language) to 
static games. All elementary games turn out to be trivially static, and the class of static games turns out to 
be closed under all game operations studied in computability logic. More specifically, all games expressible 
in the language of the later-defined logic CL3, or theory PTA, are static. And, in this paper, we use the 
term "computational problem" , or simply "problem" , is a synonym of "static game" . 
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6 The HPM model in greater detail 



As noted, computability of static games is rather robust with respect to the technical details of the underlying 

model of interaction. And the loose description of HPMs that we gave in the previous section would be 
sufficient for most purposes, just as mankind had been rather comfortably studying and using algorithms 
long before the Church- Turing thesis in its precise form came around. Namely, relying on just the intuitive 
concept of algorithmic strategies (believed in CL to be adequately captured by the HPM model) would be 
sufficient if we only needed to show existence of such strategies for various games. As it happens, however, 
later sections of this paper need to arithmetize such strategies in order to prove the promised extensional 
completeness of ptarithmetic. The complexity-theoretic concepts defined in the next section also require 
certain more specific details about HPMs, and in this section we provide such details. It should be pointed 
out again that most — if not all — of such details are "negotiable" , as different reasonable arrangements 
would yield equivalent models. 

Just like an ordinary Turing machine, an HPM has a finite set of states, one of which has the special 
status of being the start state. There are no accept, reject, or halt states, but there are specially designated 
states called move states. It is assumed that the start state is not among the move states. As noted earlier, 
this is a three-tape machine, with a read-only valuation tape, read-write work tape, and read-only run 
tape. Each tape has a beginning but no end, and is divided into infinitely many cells, arranged in the 
left-to-right order. At any time, each cell will contain one symbol from a certain fixed finite set of tape 
symbols. The blank symbol, as well as T and _L, are among the tape symbols. We also assume that these 
three symbols are not among the symbols that any (legal or illegal) move can ever contain. Each tape has its 
own scanning head, at any given time looking (located) at one of the cells of the tape. A transition from 
one computation step ("clock cycle") to another happens according to the fixed transition function 
of the machine. The latter, depending on the current state, and the symbols seen by the three heads on the 
corresponding tapes, deterministically prescribes the next state, the tape symbol by which the old symbol 
should be overwritten in the current cell (the cell currently scanned by the head) of the work tape, and, for 
each head, the direction — one cell left or one cell right — in which the head should move. A constraint 
here is that the blank symbol, T or _L can never be written by the machine on the work tape. An attempt 
to move left when the head of a given tape is looking at the first (leftmost) cell results in staying put. So 
does an attempt to move right when the head is looking at the blank symbol. 

When the machine starts working, it is in its start state, all three scanning heads arc looking at the 
first cells of the corresponding tapes, the valuation tape spells some valuation e by listing the values of the 
variables roo, fci, fD2, • • • (in this precise order) separated by commas, and (all cells of) the work and run tapes 
are blank (i.e., contain the blank symbol). WhcHicvcr the machine enters a move state, the string a spelled 
by (the contents of) its work tape cells, starting from the first cell and ending with the cell immediately left 
to the work-tape scanning head, will be automatically appended — at the beginning of the next clock cycle 
— to the contents of the tuh tape in the T-prefixcd form Ta. And, on every transition, whether the machine 
is in a move state or not, any finite sequence -L/?i, . . . , J-/3m of _L-labeled moves may be nondctcrministically 
appended to the content of the run tape. If the above two events happen on the same clock cycle, then the 
moves will be appended to the contents of the run tape in the following order: TaJ-/3i . . . Lj3m (note the 
technicality that labmoves are listed on the run tape without blanks or commas between them). 

With each labmove that emerges on the run tape we associate its timestamp, which is the number of 
the clock cycle immediately preceding the cycle on which the move first emerged on the run tape. Intuitively, 
the timestamp indicates on which cycle the move was made rather than appeared on the run tape; a move 
made during cycle #z appears on the run tape on cycle #i + l rather than #z. Also, we agree that the count 
of clock cycles starts from 0, meaning that the very first clock cycle is cycle #0 rather than #1. 

A configuration is a full description of (the "current") contents of the work and run tapes, the locations 
of the three scanning heads, and the state of the machine. An e-computation branch is an infinite sequence 
Co, Ci, C2, . . . of configurations, where Co is the initial configuration (as explained earlier), and every Cj + i is 
a configuration that could have legally followed (again, in the sense explained earlier) d when the valuation 
e is spelled on the valuation tape. For an e-computation branch B, the run spelled by B is the run F 
incrementally spelled on the run tape in the corresponding scenario of interaction. We say that such a F is 
a run generated by the machine on valuation e. 

We say that a given HPM M wins (computes, solves) a given game A on valuation e — and write 
M. \=e A — iff every run F generated by M. on valuation e is a T-won run of e[A\. We say that A is 
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computable iff there is an HPM M. such that, for every vahiation e, A4 A; such an HPM is said to be 
an (algorithmic) solution, or winning strategy, for A. 

7 Towards interactive complexity 

At present, the theory of interactive computation is far from being well developed, and even less so is the 
theory of interactive complexity. The studies of interactive computation in the context of complexity, while 
having going on since long ago, have been relatively scattered, and interaction has often been used for 
better understanding certain traditional, non-interactive complexity issues (examples would be alternating 
computation [7], or interactive proof systems and Arthur- Merlin games [8l[2]) rather than being treated as 
an object of systematic studies in its own rights. As if complexity theory was not "complex" enough already, 
taking it to the interactive level would most certainly generate a by an order of magnitude greater diversity 
of species from the complexity zoo. 

The present paper is the first modest attempt to bring complexity issues into computability logic and 
the corresponding part of the under-construction theory of interactive computation. Here we introduce one, 
perhaps the simplest, way of measuring interactive complexity out of the huge and interesting potential 
variety of complexity measures meaningful and useful in the interactive context. 

Games happen to be so expressive that most, if not all, ways of measuring complexity will be meaningful 
and interesting only for certain (sub)classes of games and not quite so, or not so at all, for other classes. Our 
present approach is no exception. The time complexity concept that we are going to introduce is meaningfully 
applicable only to games that, in positive (winnable) cases, can be brought by T to a successful end within 
a finite number of moves. In addition, every instance of a game under consideration should be such that the 
length of any move in any legal run of it never exceeds a certain bound which only depends on the value of 
our special-status variable b. As mentioned earlier, it is exactly the value of this variable relative to which 
the computational complexity of games will be measured. 

The above class of games includes all games obtained by closing elementary games (predicates) under 
the operations of Sections [3] and |31 which also happens to be the class of games expressible in the language 
of the later-defined logic CL3. Indeed, consider any such game A. Obviously the number of moves in any 
legal run — and hence any T-won run — of any instance of A cannot exceed its ( n , U , U)-depth; the 
sizes of moves associated with n , U are constant; and the sizes of moves associated with H, U, in any given 
instance of the game, never exceed a certain constant plus the value of the variable b. 

Games for which our present complexity concepts are meaningful also include the much wider class of 
games expressible in the language of logic CL12 introduced in [25], if the quantifiers U of the latter are 
understood (as they are in this paper) as their bounded counterparts Fl^, U''. While those games may have 
arbitrarily long or even infinite legal runs, all runs won by T are still finite. 

Bringing computability logic to a complexity-sensitive level also naturally calls for considering only 
bounded valuations. By a bounded valuation we mean a valuation e such that, for any variable x, 
the size of the binary numeral e{x) does not exceed the value e(b) of b (note: the value of b rather than the 
size of that value) . This condition makes it possible to treat free variables in the same way as if they were 
□-bounded. 

The starting philosophical-motivational point of our present approach to time complexity is that it should 
be an indicator of "how soon the game(s) can be won" in the worst case, with "how soon" referring to the 
number of computation steps (clock cycles) a given HPM A4 takes to reach a final and winning position. 
There is a little correction to be made in this characterization though. The point is that part of its time 
M may spend just waiting for its adversary to move, and it would be unfair to bill M for the time for 
which probably it is not responsible. Our solution is to subtract from the overall time the moveless intervals 
preceding the adversary's moves, i.e. the intervals that intuitively correspond to the adversary's "thinking 
periods" . These intuitions are accounted for by the following definitions. 

Let Ai be an HPM, e a bounded valuation, B any e-computation branch of A^, and F the run spelled by 
B. For any labmove A of F, we define the thinking period for A as m-n, where m is the timestamp of A 
and n is the timestamp of the labmove immediately preceding A in F, or is if there are no such labmoves. 
Next, we define T's time in B (or in F) as the sum of the thinking periods for all T-labeled moves of F. 
_L's time is defined similarly. Note that, for either player p, p's time will be finite iff there are only finitely 
many moves made by p; otherwise it will be infinite. 
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Definition 7.1 Let A be a game, h a function from natural numbers to natural numbers, and M an HPM. 

1. We say that Ai runs in time h, or that is an ft, time machine, iff, for any bounded valuation e 
and any e-computation branch B of A4, T's time in B is less than ft(e(fa)). 

2. We say that wins (computes, solves) A in time h, or that is an /i time solution for A, 
iff is an ft, time machine and, for any bounded valuation e, A4 \=e A. 

3. We say that A is computable (winnable, solvable) in time ft iff it has an h time solution. 

4. We say that Ai runs in polynomial time, or that A^ is a polynomial time machine, iff it nms 
in time h for some polynomial function ft. 

5. We say that Ai wins (computes, solves) A in polynomial time, or that A^ is a polynomial 
time solution for A, iff A^ is an ft time solution for A for some polynomial function ft. Symbolically, this 
will be written as 

M A. 

6. We say that A is computable (winnable, solvable) in polynomial time, or polynomial time 
computable (winnable, solvable), iff it has a polynomial time solution. 

Many concepts introduced within the framework of computability are generalizations — for the interactive 
context — of ordinary and well-studied concepts of the traditional theory of computation. The above-defined 
time complexity or polynomial time computability are among such concepts. Let us look at the traditional 
notion of polynomial time decidability of a predicate p{x) for instance. With a moment's thought, it can 
be seen to be equivalent to polynomial time computability (in the sense of Definition 17. ip of the game 
p{x) U -'p{x), or — if you prefer — the game \~\x{p{x) U -^p{x)) (these two games are essentially the same, 
with the only difference that, in one case, the value of x will have to be read from the valuation tape, while 
in the other case from the run tape). 

8 The language of logic CL3 and its semantics 

Logic CL3 will be axiomatically constructed in Section [101 The present section is merely devoted to its 
language. The building blocks of this formal language are: 

• Nonlogical predicate letters, for which we use p, q (possibly indexed) as metavariables. With each 
predicate letter is associated a nonnegative integer called its arity. We assume that, for any n, there 
are infinitely many rt-ary predicate letters. 

• Function letters, for which we use /, g as metavariables. Again, each function letter comes with a 
fixed arity, and we assume that, for any n, there are infinitely many n-ary function letters. 

• The binary logical predicate letter = . 

• Infinitely many variables. These are the same as the ones fixed in Section H) 

• Technical symbols: the left parenthesis, the right parenthesis, and the comma. 

Terms, for which we use r, 9, uj, ip, ^ (possibly indexed) as metavariables, are defined as the elements of 
the smallest set of expressions such that: 

• Variables are terms. 

• If / is an n-ary function letter and n, . . . , Tn are terms, then /(n, . . . , r^) is a term. When / is 0-ary, 
we write / instead of /(). 

CL3-formulas, or, in most contexts simply formulas, are defined as the elements of the smallest set of 
expressions such that: 

• If p is an n-ary predicate letter and ri, . . . , t„ are terms, then p{ti, . . . , t„) is an (atomic) formula. 
We write ti=T2 instead of =(ti,T2). Also, when p is 0-ary, we write p instead of p{). 

• If E' is an atomic formula, -•{£) is a formula. We can write ti^T2 instead of ^(ri =T2). 



16 



• _L and T are formulas. 

• If El, . ..,En (n>2) are formulas, then so are (£'i) A ... A V ... V {En), {Ei) n . . . n {En), 
{Ei)u ... u{En). 

• If is a formula and a; is a variable other than b, then yx{E), 3x{E), nx{E), Llx{E) are formulas. 

Note that, terminologically, T and _L do not count as atoms. For us, atoms are formulas containing no 
logical operators. The formulas T and ± do not qualify because they are (0-ary) logical operators themselves. 

Sometimes we can write Ei A . . . A En for an unspecified n>l (rather than n > 2). Such a formula, in the 
case n — 1, should be understood as simply Ei. Similarly for V , n , U . 

Also, where S* is a set of formulas, we may write 

AS 

for the A -conjunction of the elements of S. Again, if S only has one element F, then A S* is simply F. 
Similarly for V , n , U . Furthermore, we do not rule out the possibility of S being empty when using this 
notation. It is our convention that, when S is empty, both A S and n S mean T, and both V S and U S 
mean _L. 

-^E, where E is not atomic, will be understood as a standard abbreviation: -iT = ±, -^^E = E, 
-^{A aB) = -^A V ^B, -^r\xE = Ux^E, etc. And E ^ F will be understood as an abbreviation of -^E V F. 
Also, if we write 

Ei^E2^E3^ ... ^En, 

this is to be understood as an abbreviation of Ei — > {E2 ^ {E3 — j- (. . . {En-i En) ■ . .))). 

Parentheses will often be omitted — as we just did — if there is no danger of ambiguity. When omitting 
parentheses, we assume that ^ and the quantifiers have the highest precedence, and has the lowest 
precedence. So, for instance, -^HxE F V G means {^{r\x{E))) ((F) V (G)). 

The expressions x,y, . . . will usually stand for tuples of variables. Similarly for t,9, . . . (for tuples of 
terms) or a,b, . . . (for tuples of constants). 

The definitions of free and bound occurrences of variables are standard, with U acting as quantifiers 
along with V, 3. We will try to use x, y, z for bound variables only, while use s, r, t, u, v, w for free variables 
only. There may be some occasional violations of this commitment though. 

Convention 8.1 The present conventions apply not only to the language of CL3 but also to the other 
formal languages that we deal with later, such as those of CL4 and PTA. 

1. For safety and simplicity, throughout the rest of this paper we assume that no formula that we ever 
consider — unless strictly implied otherwise by the context — may have both bound and free occurrences 
of the same variable. This restriction, of course, does not yield any loss of expressive power as variables can 
always be renamed so as to satisfy this condition. 

2. Sometimes a formula F will be represented as F{si, . . . , s„), where the Si are variables. When doing 
so, we do not necessarily mean that each Si has a free occurrence in F, or that every variable occurring free in 
F is among si, . . . , s„. However, it will always be assumed (usually only implicitly) that the Si are pairwise 
distinct, and have no bound occurrences in F. In the context set by the above representation, F{ti, . . . , t„) 
will mean the result of replacing, in F, each occurrence of each Si by term t;. When writing F{ti, . . . , r„), 
it will always be assumed (again, usually only implicitly) that the terms ti , . . . , t„ contain no variables that 
have bound occurences in F, so that there are no unpleasant collisions of variables when doing replacements. 

3. Similar — well established in the literature — notational conventions apply to terms. 

An interpretatiord is a function * that sends each rt-ary predicate letter p to an n-ary predicate 
(elementary game) p*{si, . . . , Sn) which does not depend on any variables other than si, . . . , s„; it also sends 
each n-ary function letter / to a function 

r : {0, 1, 10, 11, 100, . . .}" {0, 1, 10, 11, 100, . . .}; 

^The concept of an interpretation in CL is usually more general than the present one. Interpretations in our present sense 
are called perfect. But here we omit the word "perfect" as we do not consider any nonperfect interpretations, anyway. 
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the additional condition required to be satisfied by * is that =* is an equivalence relation on {0, 1, 10, . . .} 
preserved by /* for each function symbol /, and respected by p* for each nonlogical predicate symbol 

The above uniquely extends to a mapping that sends each term r to a function r*, and each formula F 
to a game F*, by stipulating that: 

1. s* ^ s (any variable s). 

2. Where / is an n-ary function letter and ti, . . . , r„ are terms, . . . , t„))* — f*{T*, . . . , r*). 

3. Where p is an n-ary predicate letter and ti, . . . , r„ are terms, {p{ti, . . . , t„))* ~ P*{ti, . . . , r*). 

4. * commutes with all logical operators, seeing them as the corresponding game operations: 



• T* = T; 








• _L* = _L; 








• i-^F)* - 








. {EiA ... 


AEn)* = Et 
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. (Si V . . . 
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• vs:; 


• {EiH ... 


nE„y = El 
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• {3xEy = 


--ME*); 






• (JlxE)* = 


= \lx{E*); 






• {UxE)* = 


= Ux{E*)^ 







When O is a function symbol, a predicate symbol, or a formula, and O* = W, we say that * interprets 
O as W. We can also refer to such a as "O under interpretation *". 

When a given formula is represented as F{xi, . . . , a:„), we will typically write F*{xi, . . . , Xn) instead of 
{F{xi, . . . , a;„)) . A similar practice will be used for terms as well. 

Definition 8.2 We say that an HPM is a uniform polynomial time solution for a formula F iff, for 
any interpretation * , is a polynomial time solution for F* . 

Intuitively, a uniform polynomial time solution is a "purely logical" efRcient solution. "Logical" in the 
sense that it does not depend on the meanings of the nonlogical symbols (predicate and function letters) — 
does not depend on a (the) interpretation *, that is. It is exactly these kinds of solutions that we are interested 
in when seeing CL as a logical basis for applied theories or knowledge base systems. As a universal-utility 
tool, CL (or a CL-based compiler) would have no knowledge of the meanings of those nonlogical symbols 
(the meanings that will be changing from application to application and from theory to theory) , other than 
what is explicitly given by the target formula and the axioms or the knowledge base of the system. 



9 Some closure properties of polynomial time computability 

In this section we establish certain important closure properties for polynomial time computability of games. 
For simplicity we restrict them to games expressible in the language of CL3, even though it should be 
pointed out that these results can be stated and proven in much more general forms than presented here. 

By an (inference) rule we mean a binary relation TZ between sequences of formulas and formulas, instances 
of which arc schematically written as 

X, ._. 

X ' ^ ' 



°That is, =* is a congruence relation. More commonly classical logic simply treats = as the identity predicate. That 
treatment of = , however, is known to be equivalent — in every respect relevant for us — to our present one. Namely, the latter 
turns into the former by seeing any two = *-equivalent constants as two different names of the same object of the universe, as 
"Evening Star" and "Morning Star" are. 

^Remember Convention 14.41 according to which H means n'' and U means U'\ 
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where Xi, . . . , X„ are (metavariables for) formulas called the premises, and X is (a metavariable for) a for- 
mula called the conclusion. Whenever Tl{{Xi, . . . , Xn), X) holds, we say that X follows from Xi, . . . , X„ 
by7^. 

We say that such a rule TZ is uniform-constructively sound iff there is an effective procedure that 
takes any instance {{Xi, . . . ,X„),X) of the rule, any HPMs Aii, . . . ,Mn and returns an HPM Ai such that, 
for any interpretation *, whenever Mi X^,. . . , Mn X*, we have M X*. 

Our formulations of rules, as well as our later treatment, rely on the following notational and termino- 
logical conventions. 

1. A positive occurrence of a subformula is an occurrence that is not in the scope of -i. Since officially 
only atoms may come with a -i, occurrences of non-atomic subformulas will always be positive. 

2. A surface occurrence of a subformula is an occurrence that is not in the scope of any choice operators 
(n,u,n,U). 

3. A formula not containing choice operators — i.e., a formula of the classical language — is said to be 
elementary. 

4. The elementarization 

lli^ll 

of a formula F is the result of replacing in F all surface occurrences of U- and U-subformulas by _L, 
and all surface occurrences of n- and Fl-subformulas by T. Note that ||F|| is (indeed) an elementary 
formula. 

5. We will be using the notation 

F[Ei, . . . , En] 

to mean a formula F together with some (single) fixed positive surface occurrences of each subformula 
Ei. Here the formulas Ei are not required to be pairwise distinct, but their occurrences are. Using this 
notation sets a context in which F[Hi, . . . , Hn] will mean the result of replacing in F[Ei, . . . , En] the 
(fixed) occurrence of each Ei by Hi. Note again that here we are talking about some occurrences of 
El, . . . , En- Only those occurrences get replaced when moving from F[Ei, . . . , En] to F[Hi, . . . , ff„], 
even if the formula also had some other occurrences of . . . , £'„. 

6. In any context where the notation of the previous clause is used (specifically, in the formulations of 
the rules of U -Choose, U-Choose and Wait below), all formulas are assumed to be in negation normal 
form, meaning that they contain no — >■ , and no -i applied to non-atomic subformulas. 

Below we prove the uniform-constructive soundness of several rules. Our proofs will be limited to showing 
how to construct an HPM Ai from an arbitrary instance — in the form (j4]) — of the rule and arbitrary 
HPMs A4i, . ■ . ,Ain (purported solutions for the premises). In each case it will be immediately clear from 
our description of A4 that it can be constructed effectively, that it runs in polynomial time as long as so do 
A4i, . . . , Aim and that its work in no way does depend on an interpretation * applied to the games involved. 
Since an interpretation * is typically irrelevant in such proofs, we will often omit it and write simply F where, 
strictly speaking, F* is meant. That is, we identify formulas with the games into which they turn once an 
interpretation is applied to them. Likewise, we may omit a valuation e and write F instead of e[F] or e[F*]. 

9.1 u -Choose 

U -Choose is the following rule: 

F[Ho U ...UHn]' 

where n > 1 and i G {0, . . . , n}. 

Whenever a formula F follows from a formula E hy U -Choose, we say that is a U -Choose-premise 
of F. 

Theorem 9.1 U -Choose is uniform-constructively sound. 
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Idea. This rule most directly encodes an action that should perform in order to successfully solve 
the conclusion. Namely, A4 should choose Hi and then continue playing as the machine that (presumably) 
solves the premise. ■ 

Proof. Let A^i be an arbitrary HPM (a purported polynomial time solution for the premise). We let 
Ai (the will-be polynomial time solution for the conclusion) be the machine that works as follows. 

At the beginning, without looking at its run tape or valuation tape, Ai makes the move a that brings 
F[HoU ...uHn] down to F[Hi]. For instance, if F[HoU ... U i/„] is X a{Y V {ZuT)) and F[H^] is 
X A {Y V Z), then 1.1.0 is such a move. 

What M does after that can be characterized as "turning itself into Mi' and playing the rest of the 
game as A^i would. In more detail, A4 starts simulating and mimicking J\4i. During this simulation, Al 
"imagines" that A4i has the same valuation e on its valuation tape as Ai itself has, and that the run tape 
of A^i spells the same run as its own run tape does, with the difference that the move a made by Ai at 
the beginning is ignored (as if it was not there). To achieve the effect of consistency between the real and 
imaginary valuation and run tapes, what Ai does is that, every time the simulated Aii reads a cell of its 
valuation or run tape, Ai reads the content of the corresponding cell of its own valuation or run tape, and 
feeds that content to the simulation as the content of the cell that Ali was reading. And whenever, during 
the simulation, Aii makes a move, Ai makes the same move in the real play. 

The run generated by Ai in the real play will look like (TQ;,r). It is not hard to see that then F 
will be a run generated by Aii. So, if Aii wins F[Hi], implying that Wnf^^''(F) = T, then Ai wins 
F[Ho U . . . U if„], because Wnf ^ - ^ ^"1 {Ta, F) = Wnf I^'l (F). 

Simulation does impose a certain overhead, which makes Ai slower than Aii- But, with some analysis, 
details of which are left to the reader, it can be seen that the slowdown would be at most polynomial, 
meaning that, ii A4i runs in polynomial time, then so does Ai. M 

9.2 U-Choose 

U-Choose is the following rule: 

FjHjs)] 
F[UxH{x)] ' 

where x is any non-b variable, s is a variable with no bound occurrences in the premise, and H(s) is the 
result of replacing by s all free occurrences of x in H{x) (rather than vice versa). 

Whenever a formula F follows from a formula E by U-Choose, we say that i? is a U-Choose-premise 
of F. 

Theorem 9.2 L\-Choose is uniform-constructively sound. 

Idea. Very similar to the previous case. Ai should specify x as (the value of) s, and then continue 
playing as the machine that solves the premise. ■ 

Proof. Let A^i be an arbitrary HPM (a purported polynomial time solution for the premise). We let 
Ai (the will-be polynomial time solution for the conclusion) be the machine that, with a valuation e spelled 
on its valuation tape, works as follows. At the beginning, Ai makes the move that brings F[LlxH{x)] down 
to F[H{s)]. For instance, if F[UxH{x)] is X a{YvUxZ{x)) and F[H{s)] is X a(Yv Z{s)), then l.l.c is 
such a move, where c = e(s) (the machine will have to read c from its valuation tape). After this move, A4 
starts simulating and mimicking A^i in the same fashion as in the proof of Theorem 19.11 And, again, as 
long as Ail wins F[H[s)] in polynomial time, A4 wins F[L\xH{x)] in polynomial time. ■ 

9.3 Wait 

Wait is the following rule: 

\\F\\ Fi ... Fn 

F 
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(remember that means the elementarization of F), where n > and the foUowing two conditions are 
satisfied: 

1. Whenever F has the form ^[yo n ... n Ym], each formula X[Yi\ (0 < i < m) is among Fi, . . . , Fn- 

2. Whenever F has the form X[na;y (x)], for some variable s different from b and not occurring in F, the 
formula X[y(s)] is among Fi, . . . ,F„. Here Y{s) is the result of replacing by s all free occurrences of 
X in Y(x) (rather than vice versa). 

Whenever the above relation holds, we say that ||F|| is the special Wait-premise of F, and that 
Fi, . . . ,Fn are ordinary Wait-premises of F. 

The following lemma, on which we are going to rely in this subsection, can be verified by a straightforward 
induction on the complexity of F, which we omit. Remember that () stands for the empty run. 

Lemma 9.3 For any formula F, interpretation * and valuation e, Wn^ () = Wn|^" (). 

Theorem 9.4 Wait is uniform-constructively sound. 

Idea. J\A should wait (hence the name "Wait" for the rule) until the adversary makes a move. If 
this never happens, in view of the presence of the premise ||i^||, a win for Ai is guaranteed by Lemma 19.31 
Otherwise, any (legal) move by the adversary essentially brings the conclusion down to one of the premises 
Fi, . . . , Fn', then Ai continues playing as the machine that wins that premise. ■ 

ProoL Assume Mo,Mi, . . . ,Mn are polynomial time solutions for ||F||, i^i, . . . , _F!„, respectively. We 
let j\4, the will-be solution for F, whose construction does not depend on the just- made assumption, be a 
machine that, with a bounded valuation e spelled on its valuation tape, works as follows. 

At the beginning, A4 keeps waiting until the environment makes a move. If such a move is never made, 
then the run that is generated is empty. Since ||F|| is elementary and Mq wins it, it is classically true (a 
false elementary game would be automatically lost by any machine) . But then, in view of Lemma 19.31 Ai 
wins (the empty run of) F. And, note, T's time in this case is 0. 

Suppose now the environment makes a move. Note that the time during which the machine was waiting 
does not contribute anything to T's time. We may assume that the move made by the environment is legal, 
or else the machine immediately wins. With a little thought, one can see that any legal move a by the 
environment brings the game e[F] down to g[Fi\ for a certain bounded valuation g — with g(b) = e(b) — 
and one of the premises Fi of the rule. For example, if F is {X nY) V nxZ{x), then a legal move a by the 
environment should be either 0.0 or 0.1 or l.c for some constant c (of size <e(b)). In the case a — 0.0, the 
above-mentioned premise Fi will be X V \~\xZ{x), and g will be the same as e. In the case a = 0.1, Fi will 
be y V \~\xZ{x), and g, again, will be the same as e. Finally, in the case a = l.c, Fi will be {X nY)\/ Z{s) 
for a variable s different from b and not occurring in F, and g will be the valuation that sends s to c and 
agrees with e on all other variables, so that g[{X nY) V Z{s)] is e[{X n F) V Z(c)], with the latter being the 
game to which e[F] is brought down by the labmove _Ll.c. 

After the above event, Ai starts simulating and mimicking the machine Aii in the same fashion as in the 
proofs of Theorems 19. II and 19. 2( with the only difference that, if g ^ e, the imaginary valuation tape of the 
simulated machine now spells g rather than e. 

As in the earlier proofs, it can be seen that A4, constructed as above, is a polynomial time solution for 
F. U 



9.4 Modus Ponens (MP) 

Modus Ponens is the following rule: 

Fq ... Fn FqA ... AFn^F 

F 

where n > 0. 

Theorem 9.5 Modus Ponens is uniform- constructively sound. 
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Idea. Together with the real play of A4 plays an imaginary game for each of the premises, in which 
it mimics the machines that win those premises. In addition, it applies copycat between each premise Fi 
and the corresponding conjunct of the antecedent of the rightmost premise, as well as between (the real) F 
and the consequent of that premise. ■ 

Proof. Assume A4o, . . . , Ain and TV are HPMs that win Fq, . . . ,Fn and Fq A ... A — > F in polynomial 
time, respectively (as in the previous proofs, our construction of A4 does not depend on this assumption; 
only the to-be- made conclusion Ai F does). For simplicity, below we reason under the assumption that 
n > 1. Extending our reasoning so as to also include the case n = does not present a problem. 

We let A4 be the following HPM. Its work on a valuation e consists in simulating, in parallel, the machines 
Mo, . ■ . , A^njA/" with the same e on their valuation tapes, and also continuously polling (in parallel with 
simulation) its own valuation tape to see if the environment has made a new move. These simulations 
proceed in the same fashion as in the proofs of the earlier theorems, with the only difference that now Ai 
actually maintains records of the contents of the imaginary run tapes of the simulated machines (in the proof 
of Theorem 19.11 Ai was simply using its own run tape in the role of such a "record"). 

As before, we may assume that the environment does not make illegal moves, for then Ai immediately 
wins. We can also safely assume that the simulated machines do not make illegal moves, or else our as- 
sumptions about their winning the corresponding games would be wrongH If so, in the process of the above 
simulation-polling routine, now and then, one of the following four types of events will be happening (or 
rather detected): 

Event 1. Aii {0 < i < n) makes a move a. Then Ai appends the labmove l.Q.i.a at the end of the 
position spelled on the imaginary run tape of Af in its simulation]^ 

Event 2. Af makes a move O.i.a {0 < i < n). Then Ai appends the labmove _La at the end of the 
imaginary run tape oi Aii in its simulation. 

Event 3. AT makes a move l.a. Then Ai makes the move a in the real play. 

Event 4- The environment makes a move a in the real play. Then Ai appends the labmove _Ll.a at the 
end of the imaginary run tape of TV in its simulation. 

What is going on here is that Ai applies copycat between n + 2 pairs of (sub)games, real or imaginary. 
Namely, it mimics, in (the real play of) F, Af^s moves made in the consequent of (the imaginary play of) 
Fo A ... A Fn ^ F, and vice versa: uses (the real) environment's moves made (in the real play of) F as (an 
imaginary) environment's moves in the consequent of Fq A ... A F„ — >• F. Also, for each i G {0, . . . , n}, Ai 
uses the moves made by A4i in Fi as environment's moves in the Fi component of Fq A ... A F„ — s> F, and 
vice versa: uses the moves made by TV in that component as environment's moves in Fi. Therefore, the final 
position^^ hit by the above imaginary and real plays will be 

F^, F^, Fi'A ... aF;,^F' andF' 

for some Fq, . . . , F,' , F'. Our assumption that the machines AAq, . . . , TM„ and TV win the games Fq, . . . ,Fn 
and Fi A ... A F„ ^ F imphes that each G £ {Fq, . . . , F^, F{ A ... A F^ — !> F'} is T-won, in the sense that 
Wn^O = T. It is then obvious that so should be F'. Thus, the (real) play of F brings it down to the T-won 
F', meaning that A4 wins F. 

With some thought, one can also see that Ai runs in polynomial time. The only reason why A4 may 
spend "too much" time thinking before making a move could be that it waited "too long" to see what 
move was made by one (or several) of the simulated machines. But this would not happen because, by our 
assumption, those machines run in polynomial time, so, whenever they make a move, it never takes them 
"too long" to do so. ■ 



*Since we need to construct Ai no matter whether those assumptions are true or not, we can let A4 simply stop making any 
moves as soon as it detects some illegal behavior. 

^Here and later, of course, an implicit stipulation is that the position spelled on the imaginary run tape of the machine {Mi 
in the present case) that made the move is also correspondingly updated (in the present case, by appending Ta to it). 
^''Remember Convention 13.41 
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10 Logic CL3 



Before we get to our version of formal arithmetic, it would not hurt to identify the (pure) logic on which it 
is based — based in the same sense as the traditional Peano arithmetic is based on classical logic. This logic 
is CL3. With minor technical differences not worth our attention and not warranting a new name for the 
logic, our present version of CL3 is the same as the same- name logic introduced and studied in P^l"1 
The language of CL3 has already been described in Section [S] 

The aixioms of this system are all classically valid elementary formulas. Here by classical validity, in 
view of Godel's completeness theorem, we mean provability in classical first-order calculus. Specifically, in 
classical first-order calculus with function letters and = , where = is treated as the logical identity predicate 
(so that, say, x = x, x = y^ {E{x) E{y)), etc. are vahd/provable). 

As for the rules of inference of CL3, they are the U -Choose, U-Choose and Wait rules of Section [S] 
As will be easily seen from the forthcoming soundness and completeness theorem for CL3 (in conjunction 
with Theorem l9.5[) . CL3 is closed under Modus Ponens. So, there is no need for officially including it among 
the rules of inference, doing which would destroy the otherwise analytic property of the system. 

A CL3-proof of a formula F is a sequence Ei, . . . , En of formulas, with En = F, such that each Ei is 
either an axiom or follows from some earlier formulas of the sequence by one of the rules of CL3. When 
a CL3-proof of F exists, we say that F is provable in CL3, and write CL3 K F. Otherwise we write 
CL3 \/ F. Similarly for any other formal systems as well. 

Example 10.1 The formula \/xp{x) Hxpix) is provable in CL3. It follows by Wait from the axioms 
yxp{x) T (special Wait-premise) and yxp{x) -^p{s) (ordinary Wait-premise). 

On the other hand, the formula VAxp{x) -^\/xp{x), i.e. L\x^p{x) vVxp(a;), in not provable. Indeed, this 
formula has no U -Choose-premises because it does not contain U . Its elementarization (special Wait- 
premise) is _L V yxp{x) which is not an axiom nor the conclusion of any rules. Hence L\x-ip{x) V \fxp{x) 
cannot be derived by Wait, either. This leaves us with U-Choose. But if L\x-ip{x) \/\fxp{x) is derived by 
U-Choose, then the premise should be ^p(s) \/\/xp{x) for some variable s. The latter, however, is neither an 
axiom nor the conclusion of any of the three rules of CL3. 

Example 10.2 The formula T\x'L\y{p{x) — > ^(y)) , whose elementarization is T, is provable in CL3 as follows: 

1 . T Axiom 

2. p[s)^p{s) Axiom 

3. Uy(p(s)->p(y)) U-Choose: 2 

4. nxUy{p{x)-^p{y)) Wait: 1,3 

On the other hand, the formula 'L\y\~\x{p{x) p{y)) can be seen to be unprovable, even though its classical 
counterpart 3yVx(p(a;) -^piy)) is an axiom and hence provable. 

Example 10.3 While the formula 3x(x = /(s)) is classically valid and hence provable in CL3, its construc- 
tive counterpart Ux(a; = /(s)) can be easily seen to be unprovable. This is no surprise. In view of the 
expected soundness of CL3, provability of Ua;(x = /(s)) would imply that every function / is computable 
(worse yet: efficiently computable), which, of course, is not the case. 

Exercise 10.4 To see the resource-consciousness of CL3, show that it does not provep n (pnq) A {pn q), 
even though this formula has the form F ^ F A F oi a. classical tautology. 

Theorem 10.5 CL3 \- X iff X has a uniform polynomial time solution (any formula X). Furthermore: 
Uniform-constructive soundness: There is an effective procedure that takes any ChS-proof of any 

formula X and constructs a uniform polynomial time solution for X . 

Completeness: //CL3 \/ X , then, for any HPM A4, there is an interpretation * such that A4 does not 

win X* (let alone winning in polynomial time). 

^^In fact, an essentially the same logic, under the name L, was already known as early as in |10| . where it emerged in the 
related yet quite different context of the Logic of Tasks. 
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Idea. The soundness of CL3 was, in fact, already established in the preceding section. For completeness, 
assume CL3 \f X and consider any HPM M.. If is an axiom, a smart environment can always make a 
move that brings X down to an unprovable ordinary Wait-premise of X, or else X would be derivable by 
Wait; such a Wait-premise is less complex than X and, by the induction hypothesis, M. loses. If ||X|| is not 
an axiom, then it is false under a certain interpretation, and therefore Ai will have to make a move to avoid 
an automatic loss. But any (legal) move by M brings X down to an unprovable Choose-premise of it (or 
else X would be derivable by a Choose rule) and, by the induction hypothesis, again loses. ■ 

Proof. Modulo the results of Section [51 the soundness ("only if") part of this theorem, in the strong 
"uniform-constructive" form, is straightforward. Formally this fact can be proven by induction on the lengths 
of CL3-proofs. All axioms of CL3 are obviously "solved" by a machine that does nothing at all. Next, as an 
induction hypothesis, assume Xi, . . . , X„ are CL3-provable formulas, A^i, . . . , Mn are uniform polynomial 
time solutions for them, and X follows from those formulas by one of the rules of CL3. Then, as immediately 
implied by the results of Section |9l we can effectively construct a uniform polynomial time solution for 
X. 

The rest of this proof will be devoted to the completeness ( "if" ) part of the theorem. 

Consider an arbitrary formula X with CL3 1/ X, and an arbitrary HPM M.. Here we describe a scenario 
of the environment's behavior in interaction with M. — call this "behavior" the counterstrategy — that makes 
M lose F* on e for a certain appropriately selected interpretation * and a certain appropriately selected 
bounded valuation e even if the time of A4 is not limited at all. 

For a formula Y and valuation g, we say that g is F-distinctive iff g assigns different values to different 
free variables of Y. We select e to be an X-distinctive bounded valuation. Here we let e(b) be "sufficiently 
large" to allow certain flexibilities needed below. 

How our counterstrategy acts depends on the current game (formula, "position" ) Y to which the original 
game X has been brought down by the present time in the play. Initially, Y is X . 

As an induction hypothesis, we assume that CL3 \/ Y and e is F-distinctive. We separately consider the 
following two cases. 

Case 1: \\Y\\ is classically valid. Then there should be a CL3-unprovable formula Z — an ordinary 
Wait-premise of y — satisfying the conditions of one of the following two subcases, for otherwise Y would 
be derivable by Wait. Our counterstrategy selects one such Z (say, lexicographically the smallest one), and 
acts according to the corresponding prescription as given below. 

Subcase 1.1: Y has the form F[Go n ... nG™], and Z is F[Gi] {i e {0, ...,m}). In this case, the 
counterstrategy makes the move that brings Y down to Z, and calls itself on Z in the role of the "current" 
formula Y. 

Subcase 1.2: Y has the form F^xG{x)], and Z is _F[G(s)], where s is a variable different from b and 
not occurring in Y . We may assume here that e(s) is different from any e(r) where r is any other (7^ s) 
free variable of Y . Thus, e remains a Z-distinctive valuation. In this case, our counterstrategy makes the 
move that brings Y down to Z (such a move is the one that specifies the value of x as e(s) in the indicated 
occurrence of VAxG{x)), and calls itself on Z in the role of Y . 

Case 2: \\Y\\ is not classically valid. Then our counterstrategy inactively waits until JV[ makes a move. 

Subcase 2.1. If such a move is never made, then the run that is generated is empty. Since e is a In- 
distinctive valuation, of course, it is also ||y||-distinctive. It is a common knowledge from classical logic that, 
whenever a formula F is invalid (as is \\Y\\ in our present case) and e is an _F-distinctive valuation, e[F] is 
false in some model. So, e[||y||] is false in/under some model/interpretation *. This, in view of Lemma |9.3[ 
implies that Wn^ = -L and hence M is the loser in the overall play of X* on e. 

Subcase 2.2. Now suppose M. makes a move. We may assume that such a move is legal, or else M. 
immediately loses. With a little thought, one can see that any legal move ahy M will bring the game down 
to Z for a certain formula Z such that Y follows from Z by U -Choose or U-Choose, and e remains — or, at 
least, can be safely assumed to remain — Z-distinctive. But then, since CL3 1/ Y , we also have CL3 1/ Z. 
In this case, our counterstrategy calls itself on Z in the role of Y . 

It is clear that, sooner or later, the interaction will end according to the scenario of Subcase 2.1, in which 
case, as we observed, will be the loser in the overall play of X* on e for a certain interpretation *. ■ 
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11 CL4, the metalogic of CL3 



In this section we present an auxiliary deductive system CL4. Syntactically, it is a conservative extension 
of CL3. Semantically, we treat CL4 as a metalogic of CL3, in the sense that the formulas of CL4 are 
seen as schemata of CL3-formulas, and the theorems of CL4 as schemata of theorems of CL3. System 
CL4 — in an unsubstantially different form — was initially introduced and studied in |17| where, unlike our 
present treatment, it was seen as a logic (rather than metalogic) in its own rights, soundly and completely 
axiomatizing a more expressive fragment of computability logic than CL3 does. Simplicity is the only reason 
why here we prefer to see CL4 as just a metalogic. 

The language of CL4 is obtained from that of CL3 by adding to it nonlogical general letters, on top of 
the predicate letters of the language of CL3 that in this new context, following the terminological tradition 
of computability logic, we rename into elementary letters. We continue using the lowercase p, q (possibly 
indexed) as metavariables for elementary letters, and will be using the uppercase P, Q (possibly indexed) as 
metavariables for general letters. Just as this is the case with the elementary letters, we have infinitely many 
rt-ary general letters for each arity (natural number) n. In our present approach, the nonlogical elementary 
letters of the language of CL4 will be seen as metavariables for elementary formulas of the language of CL3, 
the general letters of the language of CL4 will be seen as metavariables for any, not-necessarily-elementary, 
formulas of the language of CL3, and the function letters of the language of CL4 will be seen as metavariables 
for terms of the language of CL3. 

Formulas of the language of CL4, to which we refer as CL4-formulas, are built from atoms, terms, 
variables and operators in exactly the same way as CL3-formulas are, with the only difference that now, 
along with the old elementary atoms — atoms of the form p(ri, . . . ,t„) where p is an n-ary elementary 
letter and the are terms — we also have general atoms, which are of the form P(ri, . . . , t„), where P is 
an n-ary general letter and the Ti are terms. An elementary literal is T, _L, or an elementary atom with 
or without negation -i. And a general literal is a general atom with or without negation. As before, we 
always assume that negation can only occur in literals; -• applied to a non- atomic formula, as well as — > , are 
treated as abbreviations. The concepts of a surface occurrence, positive occurrence etc. straightforwardly 
extend from the language of CL3 to the language of CL4. 

We say that a CL4-formula is elementary iff it does not contain general atoms and choice operators. 
Thus, "elementary CL4-formula" , "elementary CL3-formula" and "formula of classical logic" mean the 
same. Note that wc sec the predicate letters of classical logic as elementary rather than general letters. 

The elementarization ||F|| of a CL4-formula F is the result of replacing in it all surface occurrences of 
n- and ri-subformulas by T, all surface occurrences of U- and U-subformulas by _L, and all positive surface 
occurrences of general literals by _L. 

CL4 has exactly the same axioms as CL3 does (all classically valid elementary formulas), and has four 
rules of inference. The first three rules are nothing but the rules of U -Choose, U-Choose and Wait of CL3, 
only now applied to any CL4-formulas rather than just CL3-formulas. The additional, fourth rule, which 
we call Match, is the following: 

F[p{f),^p{e)] 

F[PiT),^P{9)y 

where P is any n-ary general letter, p is any n-ary nonlogical elementary letter not occurring in the conclusion, 
and f,9 are any n-tuples of terms; also, according to our earlier notational conventions, F[P(f), -^P{9)] is a 
formula with two fixed positive occurrences of the literals P{t) and -^P{9), and F[p{t),^p{9)] is the result 
of replacing in F[P{t),^P{9)] the above two occurrences by p{t) and -^p{9), respectively. 

It may help some readers to know that CL4 is an extension of additive-multiplicative affine logic (classical 
linear logic with weakening), with the letters of the latter understood as our general letters. This fact is 
an immediate consequence of the earlier- known soundness of affine logic (proven in [241 ) and completeness 
of CL4 (proven in jl? ) with respect to the semantics of computability logic. As seen from the following 
example, the extension, however, is not conservative. 

Example 11.1 Below is a CL4-proof of the formula (P A P) V (P A P) -> (P V P) A (P V P). The latter was 
used by Blass [4^ as an example of a game-semantically valid principle not provable in affine logic. 

1. (pi A P2) V (p3 A P4) (pi V P3) A {p2 V P4) Axiom 
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2. (pi Ap2)v(p3AP)^(pi Vp3)A(p2VP) Match: 1 

3. (pi A P2) V (P A P) ^ (pi V P) A (p2 V P) Match: 2 

4. (pi A P) V (P A P) ^ (pi V P) A (P V P) Match: 3 

5. (P A P) V (P A P) ^ (P V P) A (P V P) Match: 4 

Example 11.2 In Examplc ll0.2l we saw a CL3-proof of nxUy{p{x) p{y)) . The same proof, of course, is 
also a CL4-proof. Below is a CL4-proof of the stronger version of this formula where we have an uppercase 
rather than lowercase P: 

1 . T Axiom 

2. p{s)^p{s) Axiom 

3. P{s)^P{s) Match: 2 

4. Uy{P{s)^P{y)) U-Choose: 3 

5. \lxL\y{P{x)^P{y)) Wait: 1,4 

Example 11.3 While CL4 proves the elementary formula p — > p A p, it does not prove its general counterpart 
P ^ P A P. Indeed, ||P — ^ P A P|| = T ^ _L A ± and hence, obviously, P — > P A P cannot be derived by Wait. 
This formula cannot be derived by Choose rules either, because it contains no choice operators. Finally, if 
it is derived by Match, the premise should be p — 5> P A p or p — 5> p A P. In cither case, such a premise cannot 
be proven, as it contains no choice operators and its elementarization is p — 5- _L Ap or p — s-p A _L. 

Let P be a CL4-formula. A substitution for P is a function ^ that sends: 

• each nonlogical n-ary elementary letter p of P to an elementary CL3-formula p^{xi, . . . , a;„) — with 
here and below xi, . . . ,Xn being a context-setting fixed n-tuple of pairwise distinct variables — which 
does not contain any free variables that have bound occurrences in P; 

• each n-ary general letter P of P to an (elementary or nonelementary) CL3- formula P^(xi, . . . 
which does not contain any free variables that have bound occurrences in P; 

• each n-ary function symbol / of P to a term /^(zi, . . . , a;„) which does not contain any variables that 
have bound occurrences in P. 

The above uniquely extends to a mapping that sends each term r of P to a term , and each subformula 
of P to a CL3-formula by stipulating that: 

1. x^ — X (any variable x). 

2. Where / is an n-ary function symbol and ri, . . . , r„ are terms, (/(ti, ■ • • , T'n))^ — f^i'^'i ^ • ■ • ; Tn)- 

3. (ri=r2f is rf=r2^. 

4. Where £ is an n-ary nonlogical elementary or general letter and ti, . . . , t„ are terms, (£(ri, . . . , r„)) = 
£^(ri^,...,r,?). 

5. commutes with all logical operators: 
. T^ = T; 
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• (Va;^;)"^ = Vx{E'^); 

• (UxE)"^ = UxiE"^). 

We say that a CLS-formula E is an instance of a CL4-formula F, or that E matches F, iS E = F^ 
for some substitution ^ for F. 

Theorem 11.4 A CLA-formula is provable in CL4 ijf all of its instances are provable in CL3. 

Idea. The completeness part of this theorem is unnecessary for the purposes of the present paper, and 
its proof is omitted. For the soundness part, consider a CL4-provable formula F and an arbitrary instance 
F^ of it. We need to construct a CL3-proof of F^ . The idea here is to let such a proof simulate the 
CL4-proof of F. Speaking very roughly, simulating steps associated with U -Choose, U-Choose and Wait 
is possible because these rules of CL4 are also present in CL3. As for the Match rule, it can be simulated 
by a certain "deductive counterpart" of the earlier seen copycat strategy. Namely, in the bottom-up view 
of the CL3-proof under construction, every application of Wait that modifies a subformula originating from 
a matched (in the CL4-proof ) literal, should be followed by a symmetric application of U -Choose or U- 
Choose in the subformula originating from the other matched literal — an application that evens out the 
two subformulas so that one remains the negation of the other. ■ 

Proof. Our proof will be focused on the soundness ( "only if" ) part of the theorem, as nothing in this 
paper relies on the completeness ("if") part. We only want to point out that, essentially, the latter has 
been proven in Section 5 of [17 . Specifically, the proof of Lemma 5.1 of [17) proceeds by showing that, if 
CL4 1/ F, then there is a CLS-formula [F] which is an instance of F such that CL3 1/ \F~\ . However, as 
noted earlier, the logics under the names "CL3" and "CL4" are not exactly the same in [16j [17] as they 
are here. Namely, [161 IE] allowed constants in formulas while now we do not allow them. On the other 
hand, now we have = and function symbols in the language whereas the approach of [16l[T7] did not consider 
them, nor did it have the special-status variable b. Also, as we remember, in our present treatment n,U 
mean whereas in [16[ 117] they meant properly U. Such technical differences, however, are minor, 

and have no impact on the relevant proofs. So, the above-mentioned proof from [17j . with just a few rather 
straightforward adjustments, goes through as a proof of the completeness part of the present theorem as 
well. 

For the soundness part, we extend the language of CL4 by adding to it a new sort of nonlogical letters 
called hybrid. Each n-ary hybrid letter is a pair Pq, where P — called its general component — is an 
n-ary general letter, and q — called its elementary component — is a nonlogical n-ary elementary letter. 
And vice versa: for every pair (P, q) of letters of the above sort, we have an n-ary hybrid letter Pq. Formulas 
of this extended language, to which we will be referring as hyper formulas, are built in the same way as 
CL4- formulas, with the difference that now atoms can be of any of the three — elementary, general or hybrid 
— sorts. Surface occurrence, (elementary, general, hybrid) literal and similar concepts straightforwardly 
extend from CL3- and CL4-formulas to hyperformulas. Furthermore, concepts such as surface occurrence, 
positive occurrence, etc. extend from subformulas to parts of subformulas, such as letters occurring in them, 
in the obvious way. 

We say that a hyperformula E is a CL4°-formula iff, for every hybrid letter Pq occurring in E, the 
following conditions are satisfied: 

1. E has exactly two occurrences of Pq, where one occurrence is positive and the other occurrence is 
negative, and both occurrences are surface occurrences. We say that the corresponding two literals — 
where one looks like Pq{f) and the other like -^Pq{9) — are matching. 

2. The elementary letter q does not occur in E, nor is it the elementary component of any hybrid letter 
occurring in E other than Pq. 

Of course, every CL4-formula is also a CL4°-formula — one with no hybrid letters. 
The elementarization ||i?|| of a CL4°-formula E is the result of replacing, in E, each surface occurrence 
of the form Gi n ... n G„ or VAxG by T, each surface occurrence of the form Gi U ... U G„ or [AxG by _L, 
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every positive surface; oc;currence of each general literal by _L, and every surface occurrence of each hybrid 
letter by the elementary component of that letter. 

We are going to employ a "version" of CL4 called CL4°. Unlike CL4 whose language consists only of 
CL4-formulas, the language of CL4° allows any CL4°-formulas. The axioms and rules of CL4° are the 
same as those of CL4 — only, now applied to any CL4°-formulas rather than just CL4-formulas — with 
the difference that the rule of Match is replaced by the following rule that we call Match": 

F[P{f),^p{e)] ' 

where P is any n-ary general letter, q is any n-ary elementary letter not occurring in the conclusion (neither 
independently nor as the elementary component of some hybrid letter), and t,6 are any n-tuples of terms. 

Claim 1. For any CL4-formula E, if CL4 h E, then CL4° h E. 

Proof. The idea that underlies our proof of this claim is very simple: every application of Match 
naturally turns into an application of Match" . 

Indeed, consider any CL4-proof of E. It can be seen as a tree all of the leaves of which are labeled with 
axioms and every non-leaf node of which is labeled with a formula that follows by one of the rules of CL4 
from (the labels of) its children, with E being the label of the root. By abuse of terminology, here we identiiy 
the nodes of this tree with their labels, even though, of course, it may be the case that different nodes have 
the same label. For each node G of the tree that is derived from its child H by Match — in particular, where 
H is the result of replacing in G a positive and a negative surface occurrences of an n-ary general letter P 
by an n-ary nonlogical elementary letter q — do the following: replace q by the hybrid letter Pq in H as well 
as in all of its descendants in the tree. It is not hard to see that this way we will get a CL4°-proof of E. ■ 

The concept of a substitution ^ for a CL4°-formula E, and the corresponding CL3-formula E"^ , are 
defined in the same ways as for CL4-formulas, treating each hybrid letter Pq as a separate (not related to 
P or any other Pp with p ^ q) general letter. 

We say that a CL3-formula E is a TROW-premise of a CL3-formula F ( "TROW" = "Transitive Re- 
flexive Ordinary Wait" ) iff S is F, or an ordinary Wait-premise of F, or an ordinary Wait-premise of an 
ordinary Wait-preniise of i^, or ... . 

Let E be a CL4°-formula with exactly n positive surface occurrences of general literals, with those 
occurences being (not necessarily pairwisc distinct literals) Gi, . . . , G„. And let be a substitution for E. 
Then E^ can obviously be written as H[Gf , . . . , Gj^], where G^, . . . , G^ are surface occurrences originating 
from the occurrences of Gi,...,G„ in E. Under these conditions, by a ''-quasiinstance of E we will 
mean any TROW-premise of H[G'^ , . . . , G^^] that can be written as i?[Ji, . . . , Jn]- To summarize in more 
intuitive terms, a "^-quasiinstance of is a TROW-premise of E^ where all (if any) changes have taken 
place exclusively in subformulas (G^,...,G^) that originate from positive occurrences of general literals 
(Gi, . . . , G„) in E. Of course, E^ is one of the ^-quasiinstances of E. 

By a (simply) quasiinstance of a CL4°-formula E we mean a *^-quasiinstance of for some substitution 
^ for E. Note that every instance is a quasiinstance but not necessarily vice versa. 

Claim 2. For any Cli4° -form,ula E, i/ CL4° h E, then every quasiinstance of E is provable in CL3. 

Proof. Consider any CL4°-provable formula E. We want to show that CL3 proves any quasiinstance 
of E. This will be done by induction on the length of the CL4°-proof of E; within the inductive step of this 
induction, we will use a second induction — induction on the complexity (the number of logical connectives) 
of the quasiinstance of E under consideration. Call the first induction primary and the second induction 
secondary. These adjectives will also be applied to the corresponding inductive hypotheses. 

For the basis of the primary induction, assume E is an axiom of CL4° (and hence of CL3 as well), i.e. E 
is a valid formula of classical logic. Consider any substitution ^ for E. The formula E'^ is an axiom of (CL4° 
and) CL3, because classical validity is closed under applying substitutions. And, since E is elementary, E^ 
is the only ^-quasiinstance of it. So, we are done. 

Below comes the inductive step of the primary induction, divided into three cases. 

Case 1. Assume E is obtained from a premise G by U -Choose or U-Choose. Consider any substitution 
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^ for E. Obviously, E'^ follows from G'^ by the same rulej^ and, by the primary induction hypothesis, 
CL3 h , so we have CL3 h E'^. Furthermore, what we just observed extends to any other (other than 
E'^) ^-quasiinstance H of E as well: with some thought, one can see that such an H follows from a certain 
(the corresponding) ^-quasiinstance of G by the same rule U -Choose or U-Choose as E follows from G. 

Case 2. Assume E is obtained from premises Gi, . . . , Gn by Wait. Consider any substitution for 
E and any ''-quasiinstance H of E. We want to show that H can be derived in CL3 by Wait. 

The provability of the elementary formula ||i5|| obviously means that it is an axiom, i.e., a valid formula 
of classical logic. Let Ji, . . . ,Jk be all positive surface occurrences of general literals in E, and let E' be 
the formula obtained from E by replacing those occurrences by 51, . . . , g^, where the qi are pairwise distinct 
0-ary elementary letters not occurring in E. Observe that then \\E'\\ differs from \\E\\ in that, where the 
former has k positive occurrences of _L (originating from Ji . . . . , when elementarizing E) , the latter has 
the k atoms qi, . . . ,qk- It is known from classical logic that replacing positive occurrences of _L by whatever 
formulas does not destroy validity. Hence, as \\E\\ is vahd, so is Now, with some analysis, details of 

which are left to the reader, one can see that the formula \\H\\ is a substitutional instance — in both our 
present sense as well as in the classical sense — of So, as an instance of a classically valid formula, 

||iJ|| is classically valid, i.e. is an axiom of CL3, and we thus have 

CL3h||iJ||. (5) 

We now want to show that: 

Whenever H = H[Ki n . . . n Km] and 1 < i < m, we have CL3 h H[Ki]. (6) 
Indeed, assuming the conditions of ([5]), one of the following should be the case: 

1. The occurrence of /^i n . . . n Km in H originates from a (surface) occurrence of a subformula Li n ... n L 
in E (so that Ki = if, . . ., Km — L^n)- Then, obviously, H[Ki] is a ^-quasiinstance of one of the 
ordinary Wait-premises Gj (1 < j < n) of E. But then, by the primary induction hypothesis, we have 
C\uZ^ H[K,]. 

2. The occurrence of Ki n . . . n Km in H originates from a (positive surface) occurrence of some general 
literal L in E (so that Ki n . . . n Km has a surface occurrence in a TROW-premise of i*^). Note that 
then H[Ki\, just like is a ^-quasiinstance of E. By the secondary induction hypothesis, the formula 
H[Ki\^ as a quasiinstance of E less complex than H itself, is provable in CL3. 

3. The occurrence of Ki n . . . n Km in H originates from a (positive surface) occurrence of some hybrid 
literal L in E (so that Ki n . . . n Km has a surface occurrence in L'^). Then H[Ki] contains a surface 
occurrence of the subformula -^Ki U . . . U -^K^i, originating from the occurrence of the matching hybrid 
literal L' in E. Let H' be the result of replacing that -^Ki U . . . U -^Km by -^Ki in H[Ki]. Obviously 
H' , just like iJ, is a quasiinstance of E, but it is less complex than H. Hence, by the secondary 
induction hypothesis, CL3 h H' . But H[K^] follows from H' by U -Choose. So, CL3 h H[K^]. 

In all cases we thus get CL3 h H[Ki], as desired. 
In a very similar way, we can further show that 

Whenever H — H[nxK{x)], we have CL3 h H[K(s)] for some variable s not occurring in H . (7) 

Now, from (O, © and dZ]), by Wait, we find the desired CL3 h H. 

Case 3. Suppose -P is a /c-ary general letter, 5 is a fc-ary nonlogical elementary letter, n, . . . , Tfe, 9i, ... ,0k 
are terms, 

E = E[P{Ti,...,Tk), ^P{ei,...,9k)] 
and it is obtained from the premise 

E[Pg{n,...,Tk), -P,(0i,...,0fc)] (8) 

'^^To ensure that Convention 18. 1 1 is respected, here we can safely assume that, if E is obtained by U-Choose and this rule (in 
the bottom- up view) introduced a fresh variable s, then s has no (bound) occurrences in G^, or otherwise rename s into some 
neutral variable. 
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by Match". Consider any substitution ^ for E, and any ^-quasiinstance of E. Obviously such a quasiinstance 
can be written in the form 

H[K,{r'^,...,r^), -.K,{ef , . . . ,9^)1 (9) 

where H inherits the logical structure of E (but probably adds some extra complexity to it), Ki{t'^ , . . . , r^) 
is a TROW-premise of P'^ir^, . . . , r^) and -^K2{0f , . . . , 61^) is a TROW-premise of -^P'^ief,. . . , 61^). With 
a little thought, one can see that there is a series of U -Chooses and U-Chooses that we can apply — in the 
bottom- up sense — to © to "even out" the Ki{t'^ , . . . ,t^) and -^K2{0f , ... ,6*^) subformulas and bring 
(El) to 

H[K{r^,...,T^), ^K{ef,...,e^)] (10) 

for a certain formula K{xi, . . . , a;„). Let ^ be the substitution for E which sends Pq to K{xi, . . . , Xn) and 
agrees with ^ on everything else. With a little thought, we can see that (|10l) is a ^-quasiinstance of 
Hence, by the primary induction hypothesis, CL3 h (jlOp . Now, as we already know, (|9]) is obtained from 
((To)) using a series of U -Chooses and U-Chooses. Hence (HJ — which, as we remember, was an arbitrary 
quasiinstance of i? — is provable in CL3. 

The above Cases 1,2,3 complete the inductive step of our primary induction, and we conclude that, 
whenever E is sl CL4°-provable formula, every quasiinstance of it is provable in CL3. ■ 

To complete our proof of (the soundness part of) Theorem 111 .41 assume CL4 h F. Then, by Claim 1, 
CL4° h F. Consider any substitution ^ for F. is a (quasi)instance of F and hence, by Claim 2, 
CL3 h F^ . Since both F and ^ are arbitrary, we conclude that every instance of every CL4-provable 
formula is provable in CL3. ■ 



12 The basic system of ptarithmetic introduced 

There can be various interesting systems of arithmetic based on computability logic ("clarithmetics"), 
depending on what language we consider, what fragment of CL is taken as a logical basis, and what extra- 
logical rules and axioms are employed. [2S] introduced three systems of clarithmetic, named CLAl, CLA2 
and CLA3, all based on the fragment CL12 (also introduced in [25]) of computability logic. The basic 
one of them is CLAl, with the other two systems being straightforward modifications of it through slightly 
extending (CLA2) or limiting (CLA3) the underlying nonlogical language. Unlike our present treatment, 
the underlying semantical concept for the systems of |25) was computability-in-principle rather than efficient 
computability. 

The new system of clarithmetic introduced in this section, meant to axiomatize efficient computability 
of number-theoretic computational problems, is named PTA. The term "ptarithmetic" is meant to be a 
generic name for systems in this style, even though we often use it to refer to our present particular system 
PTA of ptarithmetic. 

The language of PTA, whose formulas we refer to as PTA-formulas, is obtained from the language of 
CL3 by removing all nonlogical predicate letters (thus only leaving the logical predicate letter =), and also 
removing all but four function letters, which are: 

• zero, 0-ary. We will write for zero. 

• successor, unary. We will write r' for successor (t). 

• sum, binary. We will write T1+T2 for sum{Ti,T2). 

• product, binary. We will write ri for product{Ti,T2). 

From now on, when we just say "formula" , we mean "PTA-formula" , unless otherwise specified or 
suggested by the context. 

Formulas that have no free occurrences of variables are said to be sentences. 

The concept of an interpretation explained earlier can now be restricted to interpretations that are only 
defined on 0, ', +, x and =, as the present language has no other nonlogical function or predicate letters. 



30 



Of such interpretations, the standard interpretation ^ is the one that interprets as (the 0-ary function 
whose value is) 0, interprets ' as the standard successor (x + l) function, interprets + as the sum function, 
interprets x as the product function, and interprets = as the identity relation. Where F is a PTA-formula, 
the standard interpretation of F is the game F^, which we typically write simply as F unless doing so 
may cause ambiguity. 

The axioms of PTA are grouped into logical and nonlogical. 

The logical ZLxioms of PTA are all elementary PTA-formulas provable in classical first-order logic. 
That is, all axioms of CL3 that are PTA-formulas. 

As for the nonlogical axioms, they are divided into what we call "Peano" and "extra-Peano" axioms. 

The Peano axioms of PTA are all sentences matching the following seven schemesl^ with x, y , yi , . . . , ?/„ 
being any pairwisc distinct variables other than b: 

Axiom 1: Vx(07ia;') 

Axiom 2: \/x\/y{x' = y' ^ x = y) 

Axiom 3: yx{x + = x) 

Axiom 4: \/x\/y[x + y' = {x + y)') 

Axiom 5: Vx(a;xO = 0) 

Axiom 6: \fx\/y(^xxy' = {xxy) + x) 



Axiom 7: Vyi . . .\fy„i^F{o) Ayx{F{x) F{x')) ^\fxF{x)j , where F{x) is any elementary formula and 
yi, . . . ,yn are all of the variables occurring free in it and different from b, x. 

Before we present the extra-Peano axioms of PTA, we need to agree on some notational matters. The 
language of PTA extends that of Peano Arithmetic PA (see, for example, |3) through adding to it 
n, U,U,n. And the language of PA is known to be very expressive, despite its nonlogical vocabulary 
officially being limited to only 0, ', +, x. Specifically, it allows us to express, in a certain reasonable and 
standard way, all recursive functions and relations, and beyond. Relying on the common knowledge of the 
power of the language of PA, we will be using standard expressions such as x<y, y>x, etc. in formulas as 
abbreviations of the corresponding proper expressions of the language. Namely, in our metalanguage, |a; 
will refer to the length of (the binary numeral for the number represented by) xi^ So, when we write, say, 
"|a;| <b", it is to be understood as an abbreviation of a standard formula of PA saying that the size of x 
does not exceed b. 

Where r is a term, we will be using rO and rl as abbreviations for the terms 0"xr and (o"xt)', 
respectively. The choice of this notation is related to the fact that, given any natural number a, the binary 
representation of 0"xa (i.e., of 2a) is nothing but the binary representation of a with a "0" added on 
its right. Similarly, the binary representation of (0"xa)' is nothing but the binary representation of a 
with a "1" added to it. Of course, here an exception is the case a = 0. It can be made an ordinary case 
by assuming that adding any number of Os at the beginning of a binary numeral b results in a legitimate 
numeral representing the same number as b. 

The number aO (i.e. 2a) will be said to be the binary 0-successor of a, and al (i.e. 2a -I- 1) said to be 
the binary 1-successor of a; in turn, we can refer to a as the binary predecessor of aO and al. As for 
a', we can refer to it as the unary successor of a, and refer to a as the unary predecessor of a'. Every 
number has a binary predecessor, and every number except has a unary predecessor. Note that the binary 
predecessor of a number is the result of deleting the last digit in its binary representation. Two exceptions 
are the numbers and 1, both having as their binary predecessor. 

Below and elsewhere, by a b-term we mean a term of the official language of PTA containing no variables 
other than b. That is, a term exclusively built from b, 0, ', -h, x . 

Now, the extra-Peano ZLxioms of PTA are all formulas matching the following six schemes, where s is 
any variable and x is any variable other than b, s: 



^^Only Axiom 7 is a scheme in the proper sense. Axioms 1-6 are "schemes" only in the sense that x and y are metavariables 
for variables rather than particular variables. These axioms can be painlessly turned into particular formulas by fixing some 
particular variables in the roles of x and y. But why bother. 

^■'Warning: here we do not follow the standard convention, according to which |0| is considered to be rather than 1. 
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Axiom 8: Ux{x = 0) 
Axiom 9: s = 0Us7^0 
Axiom 10: \s'\<b ^L\x{x = s') 
Axiom 11: |sO| < b Ua;(x = sO) 
Axiom 12: L\x{s = xOu s = xl) 
Axiom 13: |s| < b 

The rules of inference are also divided into two groups: logical and nonlogical. 

The logical rules of PTA are the rules U -Choose, U-Choose, Wait and Modus Ponens of Section [31 

And there is a single nonlogical rule of inference, that we call Polynomial Time Induction (PTI) 

in which r is any b-term, s is any non-b variable, and E(s), F{s) are any formulas: 



PTI 

E{0) A F(0) E{s) A F(s) ^ E{s') n {F{s') A E{s)) 

s<T^E{s) aF{s) 



Here the left premise is called the basis of induction, and the right premise called the inductive step. 

A formula F is considered provable in PTA iff there is a sequence of formulas, called a PTA-proof of 
F, where each formula is either a (logical or nonlogical) axiom, or follows from some previous formulas by 
one of the (logical or nonlogical) rules of inference, and where the last formula is F. We write PTA h F to 
say that F is provable (has a proof) in PTA, and PTA ^ F to say the opposite. 

In view of the following fact, an alternative way to present PTA would be to delete Axioms 1-7 together 
with all logical axioms and, instead, declare all theorems of PA to be axioms of PTA along with Axioms 
8-13: 

Fact 12.1 Every (elementary PTA-) formula provable in PA is also provable in PTA. 

Proof. Suppose (the classical-logic-based) PA proves F. By the deduction theorem for classical logic 
this means that, for some nonlogical axioms Hi, ... , Hn of PA, the formula Hi A ... A i?„ F is provable 
in classical first order logic. Hence Hi A ... A Hn — ^ F is a logical axiom of PTA and is thus provable in 
PTA. But the nonlogical axioms of PA are nothing but the Peano axioms of PTA. So, PTA proves each 
of the formulas Hi, ... , iJ„. Now, in view of the presence of the rule of Modus Ponens in PTA, we find that 
PTA h F. ■ 

The above fact, on which we will be implicitly relying in the sequel, allows us to construct "lazy" PTA- 
proofs where some steps can be justified by simply indicating their provability in PA. That is, we will treat 
theorems of PA as if they were axioms of PTA. As PA is well known and studied, we safely assume that the 
reader has a good feel of what it can prove, so we do not usually further justify PA-provability claims that 
we make. A reader less familiar with PA, can take it as a rule of thumb that, despite Godel's incompleteness 
theorems, PA proves every true number-theoretic fact that a contemporary high school student can establish, 
or that mankind was or could be aware of before 1931. 

Definition 12.2 

1. By an arithmetical problem in this paper we mean a game A such that, for some formula F of the 
language of PTA, A = F^ (remember that 'f is the standard interpretation). Such a formula F is said a 
representation of A. 

2. We say that an arithmetical problem A is provable in PTA iff it has a PTA-provable representation. 
In these terms, the central result of the present paper sounds as follows: 
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Theorem 12.3 An arithmetical problem has a polynomial time solution iff it is provable in PTA. 

Furthermore, there is an effective procedure that takes an arbitrary PTA-proof of an arbitrary formula 
X and constructs a polynomial time solution for X (for X\ that is). 

Proof. The soundness ( "if" ) part of this theorem will be proven in Section 1151 and the completeness 
("only if") part in Section [21] ■ 



13 On the extra-Peano axioms of PTA 

While the well known Peano axioms hardly require any explanations as their traditional meanings are fully 
preserved in our treatment, the extra-Peano axioms of PTA may be worth briefly commenting on. Below 
we do so with the soundness of PTA (the "if" part of Theorem 112.31) in mind, according to which every 
PTA-provable formula expresses an efficiently (i.e. polynomial time) computable number-theoretic problem. 

13.1 Axiom 8 

L\x{x = 0) 

This axiom expresses our ability to efficiently name the number (constant) 0. Nothing — even such a "trivial" 
thing — can be taken for granted when it comes to formal systems! 

13.2 Axiom 9 

s = U s 5^ 

This axiom expresses our ability to efficiently tell whether any given number is or not. Yet another "trivial" 
thing that still has to be explicitly stated in the formal system. 

13.3 Axiom 10 

|s'|<b^Ux(a; = s') 

This axiom establishes the efficient computability of the unary successor function (as long as the size of the 
value of the function does not exceed the bound b). Note that its classical counterpart \s'\<b ^3x{x = s') 
is simply a valid formula of classical first-order logic (because so is its consequent) and, as such, carries no 
information. Axiom 10, on the other hand, is not at all a logically valid formula, and does carry certain 
nontrivial information about the standard meaning of the successor function. A nonstandard meaning 
(interpretation) of s ' could be an intractable or even incomputable function. 

13.4 Axiom 11 

|sO|<b->Ua;(a; = sO) 

Likewise, Axiom 11 establishes the efficient computability of the binary 0-successor function. There is no 
need to state a similar axiom for the binary 1-successor function, as can be seen from the following lemma: 

Lemma 13.1 PTA h |sl| < b ^ U2;(a; = sl). 

Proof. Informally, a proof of |sl| < b — >■ Ua;(a; = sl) would be based on the fact (known from PA) that 
the binary 1-successor of s is nothing but the unary successor of the binary 0-successor of s; the binary 
0-successor r of s can be found using Axiom 11; and the unary successor u of that r can be further found 
using Axiom 10. 
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Here is a ("lazy" in the earlier- mentioned sense) PTA-proof formalizing the above argument: 

1. T A (|sO|<fa^±) ^ (|sl|<b^±) PA 

2. T Logical axiom 

3. |s'|<b->Ua;(a; = s') Axiom 10 

4. ny{\y'\<b^Ux{x = y')) Wait: 2,3 

5. |sO| < b ^> Ua;(a; = sO) Axiom 11 

6. (|t'|<b^±)A(|sO|<b^(i = sO))^(|sl|<b^±) PA 

7. (|t'|<b^r = i') A (|sO|<b->(t = sO)) (|sl|<b->r = sl) PA 

8. (|t'|<b-^r = i') A (|sO|<b-^(t = sO)) (|sl|<b->Ua;(a; = sl)) U-Choose: 7 

9. (|t'|<b->Ua;(a; = t')) A (|sO|<b-^(t = sO)) (|sl|<b->Ux(a; = sl)) Wait: 6,8 

10. ny{\y'\<b ^Ux{x = y')) A {\sO\<b ^ {t = sO)) ^ {\sl\<b ^Ux{x = sl)) U-Choose: 9 

11. ny{\y'\<b ^Ux{x = y')) A {\sO\<b ^Ux{x = sO)) ^ {\sl\<b ^Ux{x = sl)) Wait: 1,10 

12. |sl|<b->Ua;(a; = sl) MP: 4,5,11 ■ 

This was our first experience with generating a formal PTA-proof. We will do quite some more exercising 
with PTA-proofs later in order to start seeing that behind every informal argument in the style of the one 
given at the beginning of the proof of Lemma 113.11 is a "real" , formal proof. 

13.5 Axiom 12 

Ua;(s = xOus = a;l) (11) 
Let us compare the above with three other, "similar" formulas: 

3x{s = xOus = xl) (12) 

Ux{s = xOv s = xl) (13) 

3x(s = xO V s = xl) (14) 

All four formulas "say the same" about the arbitrary number represented by s, but in different ways. (jl4p 
is the weakest, least informative, of the four. It says that s has a binary predecessor a;, and that s is 
even (i.e., is the binary O-successor of its binary predecessor) or odd (i.e., is the binary 1-successor of its 
binary predecessor) . This is an almost trivial piece of information. (|13p and (jl2l) carry stronger information. 
According to (|13p. s not just merely has a binary predecessor x, but such a predecessor can be actually and 
efficiently found. (fT2|) strengthens (|T4l) in another way. It says that s can be efficiently determined to be 
even or odd. As for (fTTj). which is Axiom 12 proper, it is the strongest. It carries two pieces of good news at 
once: we can efficiently find the binary predecessor cc of s and, simultaneously, tell whether s is even or odd. 

13.6 Axiom 13 

|s|<b 

Remember that our semantics considers only bounded valuations, meaning that the size of the number 
represented by a (free) variable s will never exceed the bound represented by the variable b. Axiom 13 
simply states this fact. Note that this is the only elementary formula among the extra-Peano axioms. 

In view of the above-said, whenever we say "an arbitrary s" in an informal argument, unless otherwise 
suggested by the context, it is always to be understood as an arbitrary s whose size does not exceed the 
bound b. 

Due to Axiom 13, PTA proves that the boimd is nonzero: 
Lemma 13.2 PTA h b^^O. 
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Proof. No binary numeral is of length and, of course, PA knows this. Hence PA h \s\<b ^ b^tO. From 
here and Axiom 13, by Modus Ponens, PTA h b^^O. ■ 

The formula of the following lemma is similar to Axiom 8, only it is about O' instead of 0. 
Lemma 13.3 PTA h Ua;(a; = 0')- 
Proof. 

1. b5^0 Lemma [TX^ 

2. Ux{x = 0) Axioms 

3. T Logical axiom 

4. \s'\<b -^L\x{x = s') Axiom 10 

5. ny{\y'\<b^Ux{x = y')) Wait: 3,4 

6. b7^0A±AT^± Logical axiom 

7. b5^0Au; = 0A(|w'|<b^_L)^± PA 

8. b^O Aw = A{\w'\<b ^v = w') -^v = 0' PA 

9. b^O Aw = A{\w'\<b ^v = w') '^\Jx{x = 0') U-Choose: 8 

10. b^OAw = OA{\w'\<b^Ux{x = w'))~^Ux{x = 0') Wait: 7,9 

11. b^O Aw = Any(\y'\<b ^\Jx{x = y')) ^\Jx{x = 0') U-Choose: 10 

12. b^OA\Jx{x = 0) Any{\y'\<b^\Jx{x = y')) ^\Jx{x = 0') Wait: 6,11 

13. L\x{x = 0') MP: 1,2,5,12 ■ 



14 On the Polynomial Time Induction rule 

£^(0) A F(0) E{s) A F{s) ^ E{s') n {F{s') A E{s)) 

s<T^ E{s) aF{s) 

Induction is the cornerstone of every system of arithmetic. The many versions of formal arithmetic studied 
in the literature (see jp] ) mainly differ in varying — typically weakening — the unrestricted induction of the 
basic PA, which is nothing but our Axiom 7. In PTA, induction comes in two forms: Axiom 7, and the 
above-displayed PTI rule. Axiom 7, along with the other axioms of PA, is taken to preserve the full power of 
PA. But it is limited to elementary formulas and offers no inductive mechanism applicable to computational 
problems in general. The role of PTI is to provide such a missing mechanism. 

A naive attempt to widen the induction of PA would be to remove, from Axiom 7, the condition requiring 
that F{x) be an elementary formula. This would be a terribly wrong idea though. The resulting scheme 
would not even be a scheme of computable problems, let alone efficiently computable problems. Weakening 
the resulting scheme by additionally replacing the blind quantifiers with choice quantifiers, resulting in (a 
scheme equivalent to) 

F(0) A nx{F{x) ^ F{x')) ^ nxF{x), (15) 

would not fix the problem, either. The intuitive reason why (1151) is unsound with respect to the semantics 
of computability logic, even if the underlying concept of interest is computability-in-principle without any 
regard for efficiency, is the following. In order to solve F{s) for an arbitrary s (i.e., solve the problem nxF{x)), 
one would need to "modus-ponens" F{x) -> F{x') with F{0) to compute F{1), then further "modus-ponens" 
F{x) F{x') with F(l) to compute f (2), etc. up to F{s). This would thus require s "copies" of the resource 
F{x) — 5> F{x'). But the trouble is that only one copy of this resource is available in the antecedent of p^)) ! 
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The problem that we just pointed out can be neutrahzed by taking the following rule instead of the 
formula (scheme) (|15l) : 

F(0) nx{F{x) ^ F{x')) 

r\xF{x) ■ 

Taking into account that both semantically and syntactically nxY{x) (in isolation) is equivalent to just 
y(s), we prefer to rewrite the above in the following form: 

F{0) F{s)^F{s') 

Fis) • ^ ' 

Unlike the situation with (ITSI) . the resource F{s) F{s') comes in an unlimited supply in (ITBl) . As a rule, 
assumes that the premise F{s) — 5> F{s') has already been proven. If proven, we know how to solve it. 
And if we know how to solve it, we can solve it as many times as needed. In contrast, in the case of (llSp 
we do not really know how to solve the corresponding problem of the antecedent, but rather we rely on the 
environment to demonstrate such a solution; and the environment is obligated to do so only once. 

(jl6p can indeed be shown to be a computability-preserving rule. As we remember, however, we are 
concerned with efficient computability rather than computability-in-principle. And, in this respect, (I16p is 
not sound. Roughly, the reason is the following: the way of computing F{s) offered by (jl6l) would require 
performing at least as many MP-style steps as the numeric value of s (rather than the dramatically smaller 
size of s). This would yield a computational complexity exponential in the size of s. (jl6p can be made sound 
by limiting s to "sufficiently small" numbers as done below, where r is an arbitrary b-term: 

F(0) F{s)^F{s') 

s<T^F{s) ■ ^ ' 

Here the value of r, being a (b,0, ', +, x )-combination, is guaranteed to be polynomial in (the value of) b. 
Hence, we are no longer getting an exponential complexity of computation. This, by the way, explains the 
presence of "s<r" in the conclusion of PTI. Unlike ^TE\\ and (IT6|) . (ITTl) is indeed sound with respect to our 
present semantics of efficient computability. 

A problem with (1171) . however, is that it is not strong enough — namely, not as strong as PTI, and 
with p7|) instead of PTI, we cannot achieve the earlier promised extensional completeness of PTA. What 
makes PTI stronger than ([TT]) is that its right premise is weaker. Specifically, while the right premise of ([T7)) 
requires the ability to compute F{s') only using F{s) as a computational resource, the right premise of PTI 
allows using the additional resource E{s) in such a computation. 

Note that, in a classical context, identifying the two sorts of conjunction, there would be no difference 
between (ITTl) and PTI. First of all, the (sub)conjunct E{s) in the consequent of the right premise of PTI 
would be meaningless and hence could be deleted, as it is already present in the antecedent. Second, the 
conjunction of E{s) and F{s) could be thought of as one single formula of induction, and thus PTI would 
become simply ([T7]). 

Our context is not classical though, and the difference between PTI and ([T7)) is huge. First of all, we 
cannot think of "the conjunction" oi E{s) and F{s) as a single formula of induction, for that "conjunction" is 
n in the consequent of the right premise while A elsewhere. For simplicity, consider the case E{s) — F{s). 
Also, let us ignore the technicality imposed by the presence of "£^(s)" in the consequent of the right premise of 
PTI. Then that premise would look like F{s) A F{s) F{s') n F(s') which, taking into account that X nX 
is equivalent to X, would be essentially the same as simply F{s) A F{s) ^ F{s'). This is a much weaker 
premise than the premise F{s) F{s') of PT|) . It signifies that computing a single copy of F{s') requires 
computing two copies of F{s). By back-propagating this effect, it would eventually mean that computing 
F{s) requires computing an exponential number of copies of i^(o), even when s is "small enough" such as 

S<T. 

The above sort of an explosion is avoided in PTI due to the presence of E{s) in the consequent of the right 
premise — the "technical detail" that we have ignored so far. The reemergence of E{s) in the consequent of 
that premise makes this resource "recyclable". Even though computing F{s') still requires computing both 
E{s) and F{s), a new copy of E{s) comes "for free" as a side-product of this computation, and hence can be 
directly passed to another, parallel computation of F(s'). Such and all other parallel computations would 
thus require a new copy of F{s) but not a new copy of £'(s), as they get the required resource E(s) from the 
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neighboring computation. So, a group of n parallel computations of F{s') would require n copies of F{s) 
and only one copy of E{s). This essentially cuts the demand on resources at each step (for each s) by half, 
and the eventual number of copies of £'(0) A F{o) to be computed will be of the order of s rather than 2*. 
How this effect is exactly achieved will be clear after reading the following section. 



This section is devoted to proving the soundness part of Theorem 112.31 It means showing that any PTA- 
provable formula X (identified with its standard interpretation X^) has a polynomial time solution, and 
that, furthermore, such a solution for X can be effectively extracted from any PTA-proof of X. 

We prove the above by induction on the lengths of PTA-proofs. 

Consider any PTA-provable formula X. 

For the basis of induction, assume X is an axiom of PTA. Let us say that an elementary PTA-formula 
G is true iff, for any bounded valuation e, e[G] is true in the standard arithmetical sense, i.e., Wn^ () = T. 

If X is a logical axiom or a Peano axiom, then it is a true elementary formula and therefore is "computed" 
by a machine that makes no moves at all. The same holds for the case when X is Axiom 13, remembering 
that, for any bounded valuation e, the size of e(s) (whatever variable s) never exceeds e(b). 

If X is L\x{x = 0) (Axiom 8), then it is computed by a machine that makes the move and never makes 
any moves after that. 

If X is s = OLJs7iO (Axiom 9), then it is computed by a machine that reads the value e(s) of s from the 
valuation tape and, depending on whether that value is or not, makes the move or 1, respectively. 

If X is \s'\ <b ^ Ux{x = s') (Axiom 10), it is computed by a machine that reads the value e(s) of s from 
the valuation tape, then finds (the binary numeral) c with c = e(s) + l, compares its size with e(b) (the latter 
also read from the valuation tape) and, if |c| <e{b), makes l.c as its only move in the game. 

Similarly, if X is |sO| < b -> Ux{x = sO) (Axiom 11), it is computed by a machine that reads the value e(s) 
of s from the valuation tape, then finds (the binary numeral) c with c = e(s)0, compares its size with e(b) 
and, if |c| <e(b), makes l.c as its only move in the game. 

Finally, if X is Ux{s = xO U s = xl) (Axiom 12), it is computed by a machine that reads the value e(s) of 
s from the valuation tape, then finds the binary predecessor c of e(s), and makes the two moves c and or 
c and 1, depending whether the last digit of e(s) is or 1, respectively. 

Needless to point out that, in all of the above cases, the machines that solve the axioms run in polynomial 
time. And, of course, such machines can be constructed effectively. 

For the inductive step, suppose X is obtained from premises Ai, . . . , Xk by one of the four logical rules. 
By the induction hypothesis, we know how to (effectively) construct a polynomial time solution for each Xi. 
Then, by the results of Section [9] on the uniform-constructive soundness of the four logical rules, we also 
know how to construct a polynomial time solution for X. 

Finally, suppose X is s<t ^ E{s) A F{s), where r is a b-term, and X is obtained by PTI as follows: 

E{0) A F(0) E{s) A F{s) ^ E{s') n (F(s') A E{s)) 
s<t~^E{s)aF{s) ' 

By the induction hypothesis, the following two problems have polynomial time solutions — and, further- 
more, we know how to construct such solutions: 



15 The soundness of PTA 



E{0)AF{0y, 
E{s) A F{s) ^ E{s') n (F(s') A E{s)) . 



(18) 
(19) 



Then the same holds for the following four problems: 



i?(0); 



(20) 



E{s)hF{s)^E{s')- 
E{s)aF{s)^E{s)aF{s'). 



(21) 
(22) 
(23) 
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For (Uni) and dU), this is so because CL4 h Pi A P2 ^ Pi (i = 1, 2), whence CL3 proves both E{0) A P(0) 
— >■ i?(0) and P(o) A P(0) — !■ P(0), whence — by the uniform-constructive soundness of CL3 — we know how 
to construct polynomial time solutions for these two problems, whence — by the polynomial time solvability 
of (|18p and the closure of this property (in the strong sense of Theorem 19. 5p under Modus Ponens — we also 
know how to construct polynomial time solutions for E{0) and F{0). With (IT^ instead of the arguments 
for and (|23p are similar, the first one relying on the fact that CL4 proves (Pi P2 n Q) — ^ (Pi P2), 
and the second one relying on the fact that CL4 proves (Pi ^> P2 n {Qi A Q2)) (Pi ^> Q2 A Qi). 

Throughout the rest of this proof, assume some arbitrary bounded valuation e to be fixed. Correspond- 
ingly, when we write b or r, they are to be understood as e(b) or e(T). As always, saying "polynomial" 
means "polynomial in b" . 

For a formula G and a positive integer n, we will be using the abbreviation 

A"G 

for the A -conjunction G A ... A G of n copies of G. If here n — I, k^G simply means G. 

Claim l.For any integer k G {1, . . . , t}, the following problem has a polynomial time solution which, in 
turn, can be constructed in polynomial time: 

E{s) A k'''^^F{s) ^ E{s') A k'"F{s'). (24) 

Proof. In this proof and later, we use the term "synchronizing" to mean applying copycat between 
two (sub)games of the form A and -^A. This means copying one player's moves made in A as the other 
player's moves in -'A, and vice versa. The effect achieved this way is that the games to which A and -^A 
eventually evolve (the final positions hit by them, that is) will be of the form A' and ^A' , that is, one will 
remain the negation of the other, so that one will be won by a given player iff the other is lost by the same 
player. We already saw an application of this idea/technique in the proof of Theorem 19.51 Partly for this 
reason and partly because now we are dealing with a more complicated case, our present proof will be given 
in less detail than the proof of Theorem 19.51 was. 

Here is a solution/strategy for ([24| . While playing the real play of (f24|) on valuation e, also play, in 
parallel, one imaginary copy of (|22p and k imaginary copies of (|23p on the same valuation e, using the 
strategies for (j22p and (j23p whose existence we already know. In this mixture of the real and imaginary 
plays, do the following: 

• Synchronize the F{s) of the antecedent of each zth copy of ([23|l with the ith conjunct of the A F{s) 
part of the antecedent of ((24|l . 

• Synchronize the E{s) of the antecedent of the first copy of with the E{s) of the antecedent of (|24p . 

• Synchronize the E{s) of the antecedent of each copy #(i + l) of with the E{s) of the consequent 
of copy #i of (1231). 

• Synchronize the E{s) of the antecedent of (the single copy of) (|22p with the E{s) of the consequent of 
copy #A: of (USD. 

• Synchronize the F{s) of the antecedent of (|22p with the last conjunct of the k''^^F{s) part of the 
antecedent of (|24p . 

• Synchronize the E{s') of the consequent of ((22)) with the E{s') of the consequent of ((24)) . 

• Synchronize the P(s') of the consequent of each copy #i of ((^5)) with the ith conjunct of the A'^P(s') 
part of the consequent of ((24)) . 

Below is an illustration of such synchronization arrangements — indicated by arcs — for the case fc = 3: 
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(Ell): E{s) A F(s) A F{s) A F{s) A F(s) ^ £;(s') A i^(s') A F{s') A i^(s') 

([23l)i: i;(s)^A^Xs^^ 

;: E{s) aF{s)-/E{s)AF{s') 

;: £:(s) AF(s)^^(s)Ai^(s') 

(PI): E{s) AFis)^Eis') 



Of course, the strategy that we have just described can be constructed effectively and, in fact, in poly- 
nomial time, from the strategies for (j22p and (j23p . Furthermore, since the latter run in polynomial time, 
obviously so does our present one. It is left to the reader to verify that our strategy indeed wins (j24p . ■ 



Now, the sought polynomial time solution for 

s<T-^E{s) aF{s) 



(25) 



on valuation e will go like this. Read the value d = e(s) of s from the valuation tape. Also read the value 
of b and, using it, compute the value c of r. Since r is a (O, ', +, x )-combination of b, computing c only 
takes a polynomial amount of steps. If d>c, do nothing — you are the winner (again, comparing d with c, 
of course, takes only a polynomial amount of steps). Otherwise, using the strategy from Claim 1, for each 
a £ {0, . . . ,d — 1}, play (a single copy of) the imaginary game Ga on valuation e, defined by 



Ga 



E{a)Ak''-''^^F{a) 



■E{a')Ak'^ "F{a'). 



Namely, the effect of playing Ga on valuation e is achieved by playing E{s) A A'' '^'^^F{s) — > E{s') A A"^ "i^(s') 
on the valuation e' which sends s to a and agrees with e on all other variables. In addition, using the strategy 
for ([20l) . play a single imaginary copy of E{0) on e, and, using the strategy for ([2T|) . play d+1 imaginary 
copies of i^(0) on e. In this mixture of imaginary plays and the real play of (l?5]) . do the following: 

• Synchronize the above £'(0) and F{o)s with the corresponding conjuncts of the antecedent of Gq. 

• Synchronize the antecedent of each Gi + i with the consequent of Gi . 

• Synchronize the consequent of Gd-i with the consequent of (j25p . 

Below is an illustration of these synchronization arrangements for the case d = 11 (decimal 3): 



11<T^ £;(11) Ai^(ll) 



Gi 



£;(io) Ai^(io)AF(io) ^ £;(ii) Ai^(ii) 



Gi: 



Go: 



£;(!) Ai^(i) af(i)af(i) ^ £;(io) af(io) Ai^(io) 




£;(0) A F(0) A F(0) A F(0) A F(0) ^ £^(1) A F{1) A F(l) A F{1) 



E{0) F(0) F(0) F(0) F{0) 

Again, with some thought, one can see that our strategy — which, of course, can be constructed effectively 
runs in polynomial time, and it indeed wins (j25p . as desired. 
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16 Some admissible logical rules of PTA 



When we say that a given rule is admissible in PTA, we mean that, whenever aU premises of any given 
instance of the rule are provable in PTA, so is the conclusion. 

This section is devoted to observing the admissibility of a number of rules. From our admissibility proofs 
it can be seen that these rules are admissible not only in PTA but also in any CL3-based applied theory 
in general. This is the reason why these rules can be called "logical" . Such rules can and will be used as 
shortcuts in PTA-proofs. Many of such rules can be further strengthened, but in this paper — for the sake 
of simplicity and at the expense of (here) unnecessary generality — we present them only in forms that (and 
as much as they) will be actually used in our further treatment. 

In the formulations of some of the rules we use the expression 

It means the same as the earlier-used i.e., a formula E with a fixed positive surface occurrence of 

a subformula F; only, in E'^[F], the additional (to being a positive surface occurrence) condition on the 
occurrence of F is that this occurrence is not in the scope of any operator other than V . 

16.1 CL4-Instantiation 



F ' 

where F is any PTA-formula which is an instance of some CL4-provable formula E. 

Unlike all other rules given in the present section, this one, as we see, takes no premises. It is a "rule" 
that simply allows us to jump to a formula F as long as it is an instance of a CL4-provable formula. 

Fact 16.1 CJj4- Instantiation is admissible in PTA. 

Proof. Assume a PTA-formula F is an instance of some CL4-provable formula. Then, by Theorem 
111.41 CL3 h- F. CL3 is an analytic system, in the sense that it never introduces into premises any function 
or predicate letters that are not present in the conclusion. So, all formulas involved in the CL3-proof of 
F will be PTA-formulas. This includes the axioms used in the proof. But such axioms are also axioms 
of PTA. And PTA has all inference rules that CL3 does. Hence, the above CL3-proof of F will be a 
PTA-proof of F as well. ■ 



16.2 Transitivity (TR) 

Ei^F F-fE2 
Ei^E2 

Fact 16.2 Transitivity is admissible in PTA. 
Proof. Assume 

'PTAh Ei^F and PTAhF^i^a- (26) 

CL4 proves (Pi Q) f\ {Q ^ P2) ^ {Pi P2) (it is derived from the classical tautology [pi q) f\ {q ^ P2) ^ 
{pi — >P2) by Match applied three times). Hence, by CL4-Instantiation, 

PTAh (£:i^F)a(F^£;2)^(-Bi^£;2). (27) 
Now, from ^ and by Modus Ponens, we get the desired PTA \- Ei ^ £2- ■ 
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16.3 n-Elimination 

nxF{x) 

F{s) ' 

where x is any variable, F{x) is any formula, s is any variable not bound in the premise, and F{s) is the 
result of replacing all free occurrences of a; by s in F{x). 

Fact 16.3 T\-Elimination is admissible in PTA. 

Proof. Assume PTA I- r\xF{x). p{s)^p{s) is classically valid and hence, by Match, CL4 h 
P{s)^P{s). Prom here, by U-Choose, CL4 h nxP{x)^P{s). Then, by CL4-Instantiation, PTA h 
nxF{x) F{s). Now, by Modus Ponens, PTA h F{s). U 



16.4 u -Elimination 

FiU...uF„ Fi^^ ... Fn^E 
E 

Fact 16.4 u -Elimination is admissible in PTA. 

Proof. Assume PTA proves all premises. For each i G {1, . . . , n}, the formula 

Pi A (_L ^ T) A ... A{-L^T) /\{pi^q) A {±^T) A ... A (_L T) ->■ g 
is a classical tautology and hence an axiom of CL4. By Wait from the above, we have 

CL4 \- Pi A {Pi ^Q) A ... A (Pi_i Q) A {pi -^q)A (Pj+i Q) A . . . A (P„ Q) 
Now, by Match applied twice, we get 

CL4 h PiA{Pi^Q)A ... A{Pn^Q)^Q. 

We also have 

CL4 h _L A (_L -> T) A . . . A (_L ^ T) ^ _L 
because the above formula is a classical tautology. From the last two facts, by Wait, we find 

CL4 h (Pi u . . . u p„) A (Pi ^ Q) A . . . A (p„ ^ g) ^ g 

and hence, by CL4-Instantiation, 

PTA \- {FiU . . . u Fn) A {Fi ^ E) A . . . A {Fr, ^ E) ^ E. 

As all of the conjuncts of the antecedent of the above formula are PTA-provable by our original assumption. 
Modus Ponens yields PTA \- E. M 

As an aside, one could show that the present rule with V instead of U , while admissible in classical 
logic, is not admissible in PTA or CL3-based applied theories in general. 

16.5 Wecikening 

£;^[G'i V . . . V Grn V iJi V . . . V i?„] 

£;^[Gi V . . . V G„ V P V ifi V . . . V ' 

where m, n > and m + n ^ 0. 

Fact 16.5 Weakening is admissible in PTA. 

Proof. Assume PTA proves the premise. It is not hard to see that Premises Conclusion can be 
obtained by CL4-Instantiation, so it is also provable in PTA. Hence, by Modus Ponens, PTA proves the 
conclusion. ■ 
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16.6 n -Introduction 



E^[F^] ... E^[F„] 

Sv[F^n ... nF„] 

Fact 16.6 n -Introduction is admissible in PTA. 

Proof. Assume PTA proves each of the n premises. Let G be the V -disjmiction of all subformulas of 
n . . . n Fn], other than the indicated occurrence of i^i n ... n Fn, that do not occur in the scope of 
any operators other than V and whose main operator (if nonatomic) is not V . We want to first verify the 
rather expected fact that PTA \- FiV G for each i (expected, because, modulo the associativity of V , the 
formulas £'^[Fi] and FiW G are the same). Indeed, E'^[Fi] FiW G can be easily seen to be obtainable by 
CL4-Instantiation. Then, FiV G follows by Modus Ponens. In a similar manner one can show that whenever 
PTA h (Fi n . . . n F„) V G, we also have PTA \- E"^[Fin ... n i^„]. So, in order to complete our proof of 
Fact 116.61 it would suffice to show that 

PTA h (Fi n . . . n F„) v G. (28) 

From PTA h Fi V G, . . . , PTA h Fi V G and the obvious fact that PTA h T, by Wait, we get 

PTAh (Fi vG)n ... n(F„vG). (29) 

Next, pVq^pVq is an axiom of CL4. From it, by Match applied twice, we get CL4 \- PiW Q ^ PiV Q 
(any z G {1, . . . , n}). Now, by U -Choose, we get 

CL4 h (Pi V Q) n . . . n (P„ v Q) ^ v Q. 

From here and from (the obvious) CL4 h T — T V _L, by Wait, we get 

CL4 h (Pi V Q) n . . . n (P„ V g) ^ (Pi n . . . n P„) v Q. 
The above, by CL4-Instantiation, yields 

PTA h (Fi V G) n . . . n (F„ V G) ^ (Fi n . . . n F„) V G. (30) 
Now, the desired ([Ml) follows from ([29]) and dSO]) by Modus Ponens. ■ 

It is worth pointing out that the present rule with A instead of n , while admissible in classical logic, is 
not admissible in PTA or CL3-based applied theories in general. 

16.7 n-Introduction 

FV[na;F(a;)]' 

where x is any (non-b) variable, F(x) is any formula, s is any non-b variable not occurring in the conclusion, 
and F(s) is the result of replacing all free occurrences of a; by s in F(x). 

Fact 16.7 ri- Introduction is admissible in PTA. 

Proof. Assume PTA h F^ [F(s)]. Let G be the V -disjunction of ah subformulas of F^[nxF(x)], other 
than the indicated occurrence of \~\xF{x), that do not occur in the scope of any operators other than V 
and whose main operator (if nonatomic) is not V . As in the previous subsection, we can easily find that 
PTA h F(s) V G, and that whenever PTA h nxF{x) V G, we also have PTA h F^[na;F(a;)]. So, in order 
to complete our proof of Fact 116.71 it would suffice to show that 

PTA h na;F(a;) V G. (31) 
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From PTA h F{s) V G and the obvious fact that PTA h T, by Wait, we get 

PTAhnt/(F(y)vG), (32) 

where y is a "fresh" variable — a variable not occurring in F{s) V G. 

Next, p{t) V g — !> p{t) V q is an axiom of CL4. From it, by Match applied twice, we find that CL4 proves 
P{t) VQ^ P{t) V Q. Now, by U-Choose, we get CL4 h ny{P{y) V Q) P{t) V Q. From here and from 
(the obvious) CL4 h T T V _L, by Wait, we get CL4 h VAy{P{y) V Q) -> VAxP{x) V Q. This, by CL4- 
Instantiation, yields 

PTA h n?/(F(?;) VG) ^na:F(a:) VG. (33) 
Now, the desired (|3ip follows from ()32|) and (pS)) by Modus Ponens. ■ 

We are again pointing out that the present rule with V instead of while admissible in classical logic, 
is not admissible in PTA or CL3-based applied theories in general. 

17 Formal versus informal arguments in PTA 

We have already seen a couple of nontrivial formal PTA-proofs, and will see more later. However, continuing 
forever in this style will be hardly possible. Little by little, we will need to start trusting and relying on 
informal arguments in the style of the argument found at the beginning of the proof of Lemma 113.11 or the 
arguments that we employed when discussing the PTI rule in Section [141 Just as in PA, formal proofs in 
PTA tend to be long, and generating them in every case can be an arduous job. The practice of dealing 
with informal proofs or descriptions instead of detailed formal ones is familiar not only from the metatheory 
of PA or similar systems. The same practice is adopted, say, when dealing with Turing machines, where 
full transition diagrams are typically replaced by high-level informal descriptions, relying on the reader's 
understanding that, if necessary, every such description can be turned into a real Turing machine. 

In the nearest few sections we will continue generating formal proofs, often accompanied with underlying 
informal arguments to get used to such arguments and see that they are always translatable into formal ones. 
As we advance, however, our reliance on informal arguments and the degree of our "laziness" will gradually 
increase, and in later sections we may stop producing formal proofs altogether. 

The informal language and methods of reasoning induced by computability logic and clarithmetic or 
ptarithmetic in particular, are in the painful initial process of forming and, at this point, can be characterized 
as "experimental" . They cannot be concisely or fully explained, but rather they should be learned through 
experience and practicing, not unlike the way one learns a foreign language. A reader who initially does 
not find some of our informal PTA-arguments very clear or helpful, should not feel disappointed. Both the 
readers and the author should simply keep trying their best. Greater fluency and better understanding will 
come gradually and inevitably. 

At this point we only want to make one general remark on the informal PTA-arguments that will be 
employed. Those arguments will often proceed in terms of game-playing and problem-solving instead of 
theorem-proving, or will be some kind of a mixture of these two. That is, a way to show how to prove a 
formula F will often be to show how to win/solve the game/problem F. The legitimacy of this approach is 
related to the fact that the logic CL3 underlying PTA is a logic of problem-solving and, as such, is complete 
(Theorem 110. Sp . That is, whenever a problem F can be solved in a way that relies merely on the logical 
structure of F — and perhaps also those of some axioms of PTA — then we have a guarantee that F can 
as well be proven. Basic problem-solving steps are very directly simulated (translated through) the rules of 
CL3 or some derivative rules in the style of the rules of the previous section, with those rules seen bottom-up 
(in the "from conclusion to premises" direction). For instance, a step such as "choose the ith disjunct in 
the subformula/subgame Fi U ... U F„" translates as a bottom-up application of U -Choose which replaces 
Fi U ... uF„ hy Fi] a step such as "specify a; as s in Ua;F(a;)" translates as a bottom-up apphcation of 
U-Choose; a step such as "wait till the environment specifies a value s for x in nxF(x)" translates as a 
bottom-up application of Fl-Introduction; etc. Correspondingly, an informally described winning/solution 
strategy for F can usually be seen as a relaxed, bottom-up description of a formal proof of F. 
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18 Some admissible induction rules of PTA 



The present section introduces a few new admissible rules of induction. These rules are weaker than PTI, 
but are still useful in that, in many cases, they may offer greater convenience than PTI does. 

18.1 WPTI 

Here we reproduce rule ([T7|) discussed in Section [HI and baptize it as "WPTI" ( "W" for "Weak" ) : 

F(0) F{s)^F{s') 
S<T F{s) ' 

where s is any non-b variable, F{s) is any formula, and r is any b-term. 

Theorem 18.1 WPTI is admissible in PTA. 

Idea. WPTI is essentially nothing but PTI with T in the role of E{s). m 

Proof. Assume s, F{s), r are as stipulated in the rule, and PTA proves both F{0) and F{s) ^ F{s'). 
The following formula matches the CL4-provable (P — ^ Q) — ^ (T A P — ^ T n (Q A T)) and hence, by CL4- 
Instantiation, is provable in PTA: 

{F{s) F{s')) -^(t A F{s) ^ T n (F(s') A T)) . (34) 

By Modus Ponens from F{s) — )> F{s') and (|34l) . we find that PTA proves 

T A F{s) ^ T n (F(s') A T) . (35) 

Similarly, F{0) — )• T A F{o) is obviously provable in PTA by CL4-Instantiation. Modus-ponensing this 
with our assumption PTA h F(o) yields PTA h T A F{0). From here and (HU, by PTI with T in the role 
of E{s), we find that PTA proves s<t ^ T A F{s). But PTA also proves T A F{s) F{s) because this is 
an instance of the CL4-provable T A P ^ P. Hence, by Transitivity, PTA h s<r — !> F{s), as desired. ■ 



18.2 BSI 

What we call BSI (Binary-Successor-based Induction) is the following rule, where s is any non-b variable 
and F{s) is any formula: 

F(0) F{s) F{sO)nF{sl) 

W) ■ 

Theorem 18.2 BSI is admissible in PTA. 

Idea. We manage to reduce BSI to WPTI with na;(|x| <s — > F{x)) in the role of F{s) of the latter. ■ 
Proof. Assume s, F{s) are as stipulated in the rule, 

PTA h F(0) (36) 

and 

PTAhP(s)^P(sO)nF(sl). (37) 
Let us observe right now that, by Fl-Introduction, ([57]) immediately implies 

PTAh\lx{F{x)^F{xO)nF{xl)). (38) 

The goal is to verify that PTA h F(s). 
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An outline of our strategy for achieving this goal is that we take the formula na;(|a;| <i -> F{x)) — let us 
denote it by G{t) — and show that both G(0) and G{t) G{t') are provable. This, by (the already shown 
to be admissible) WPTI, allows us to immediately conclude that t < b — >■ G{t) is also provable, which, in turn, 
implies that so is ny(y<b^G{y)^, and hence b<b— >G(b), and hence G(b). G(b) asserts that, for any 
(□) given X whose length does not exceed b, we can solve F{x). But the length of no x that we consider 
exceeds b, so that G(b), in fact, simply says that (we can solve) F{x). Formalizing this argument in PTA 
and taking s for x yields the desired conclusion PTA h F{s). 

In following the above outline, we first claim that PTA h G(o), i.e., 

PTA h na;(|a;|<O^F(a;)). (39) 

An informal argument here is that, since no constant is of length 0, |a;|<0 is false, and hence the problem 
a;| <0 — j> F{x) is automatically "solved" (i.e., won without any moves by T) no matter what F{x) is. Formally, 
PA and hence PTA proves the true fact <0. PTA also proves ~^\v\ <0 — > (\v\ <0 — > F{v)^, as this is an 
instance of the CL4-provable -^p^{p^Q). Then, by Modus Ponens, PTA h \v\<0 F{v), whence, by 
□-Introduction, PTA h r\x[\x\<0 ^ F{x)) , as desired. 
Our next goal is to show that PTA h G(t) G{t'), i.e., 

PTA h nx{\x\<t~^F{x)) ^nx{\x\<t' ~^F{x)). (40) 

This can be done by showing the PTA-provability of 

Ux{\x\<t^F{x)) ^\v\<t' ^F{v), (41) 

from which (j40|l follows by Fl-Introduction. 

Let us first try to justify ((4T|) informally. Consider any t, v with |ti|<t', and also assume that (a single 
copy of) the resource na;(|a;| <i F{x)) is at our disposal. The goal is to establish F{v). F{Q) is immediate 
by In turn, by ([57)l . F(0) easily implies F{1). Thus, we are done for the case v<l. Suppose now v>l. 
Then (unlike the case v<l), remembering that |?;|<f', v must have a binary predecessor r with \r\<t. By 
Axiom 12, we can actually find such an r and, furthermore, tell whether w = rO or v = r\. Specifying x as 
r in the antecedent of (HJ), we can bring it down to the resource \r\<t ^ F{r) and — as we already know 
that \r\<t — essentially to the resource F[r). By ([55]) . the resource V\x(^F{x) -^F{xQi) nF(a;l)) and hence 
F{r) — >• F(rO) n F{rl) is also available. This is a resource that consumes F{r) and generates F(rO) n F{rl). 
Feeding to its consumption needJ^ our earlier-obtained F(r), we thus get the resource F(rO) n F[rl). As 
noted earlier, we know precisely whether v = rQ or v = r\. So, by choosing the corresponding n -conjunct, we 
can further turn F(rO) n F{rl) into the sought F{v). 

Strictly verifying (|4T1) is quite some task, and we break in into several subtasks/subgoals. 

Our first subgoal is to show that PTA proves the following: 

u = U t; = 0' U w>0', (42) 

implying our ability to (efficiently) tell whether u is 0, 1, or greater than 1. For simplicity considerations, 
in our earlier informal justification of (j4ip . we, in a sense, cheated by taking this ability for granted — or, 
rather, by not really mentioning the need for it at all. Some additional evidence of such "cheating" can be 
discovered after reading the later parts of the present proof as well. 

Informally, an argument for (1421) goes like this. Due to Axiom 12, we can find the binary predecessor r of 
V. Moreover, due to the same axiom, we can tell whether v = rQ or v = rl. Using Axiom 9, we can further tell 
whether r = or n^O. So, we will know precisely which of the four combinations v = rO Ar = 0, v = rl Ar = 0, 
v = rO Ar^O, v = rl Ar^O is the case. From PA, we also know that in the first case we have v = 0, in the 
second case we have v = l, and in the third and the fourth cases we have v>l. So, one oi v = 0, v=l, v>l will 
be true and, moreover, we will be able to actually tell which one is true. 

Below is a full formalization of this argument: 

1. s = OUs?sO Axiom 9 

2. na;(a; = U XT^O) Fl-Introduction: 1 

^^Do you see or feel a possible application of MP, or TR, or Match behind this informal phrase? 
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3. Ua;(w = a;0 U u = a;l) Axiom 12 

4. r = OAv = rO ^ v = PA 

5. r = OAv = rO i; = U w = 0' U > O' U-Choose:4 

6. r^OAv = rO v>0' PA 

7. r^OAv = rO i; = U w = 0' U > O' u-Choose:6 

8. {r = OUr^O) Av = rO t; = U u = 0' U t;>0' n -Introduction: 5,7 

9. na;(a; = U XT^O) A u = rO w = U i; = 0' U w>0' U-Choose: 8 

10. r = OAv^rl v = 0' PA 

11. r = OAv^rl i; = OUt; = 0'ui;>0' U -Choose: 10 

12. r^OAv^rl v>0' PA 

13. r^OAv = rl t; = U t) = 0' U t; >0' U-Choose: 12 

14. (r = U r?sO) A w = rl u = U i; = 0' U i;>0' n -Introduction: 11,13 

15. na;(x = U x^O) A u = rl ^ w = U w = 0' U w>0' U-Choose: 14 

16. nx{x = OU XT^o) A {v = rOuv = rl) ^ w = U i; = 0' U w>0' n -Introduction: 9,15 

17. na;(a; = U XT^O) A Ua;('y = a;0 U t; = a;l) i; = U w = 0' U i; > O' Fl-Introduction: 16 

18. 'y = OU'i; = 0' U'i;>0' MP: 2,3,17 

The theoremhood of ([1^ thus has been verified. 

Our next subgoal is to show that each disjunct of p2| implies (|4ip . that is, that each of the following 
formulas is provable in PTA: 

v = 0^ nx{\x\<t-* F{x)) \v\<t' F{v) (43) 

v = 0' nx{\x\<t^ F{x)) \v\<t' F{v) (44) 
v>0' ^nx{\x\<t^ F{x)) -^\v\<t' ^ F{v) (45) 
To see the provability of observe that CL4 proves the formula 

Pif)^g = f^Pig). (46) 

The formula F{0) — > w = — >• F{v) is an instance of (|^ and therefore is provable in PTA. By F{0) is 
also provable. Hence, by Modus Ponens, PTA h u = — s> F{v). From here, by Weakening applied twice, we 
find the desired PTA h 

The PTA-provability of (HJ) is established as follows: 

1. \Jx{x = 0) Axiom 8 

2. F(0) s = 0^ F{s) CL4-Instantiation, matches ([M]) 

3. s = O^F{s) MP: p6l).2 

4. s = O^F{sO)nF{sl) TR: 3. ([571 

5. F(sO) n F(sl) -> F(sl) CL4-Instantiation, matches P n Q ^> Q 

6. s = 0->F(sl) TR: 4,5 

7. (s = O^F(sl)) ^ (s = O^F(Ol)) CL4-Instantiation, matches {s = f ^ Pig{s))) ^ {s = f ^ P{g{f))) 

8. s = O^F(Ol) MP: 6,7 

9. Ua;(a:: = 0)^F(01) Fl-Introduction: 8 

10. F(Ol) MP: 1,9 

11. 01=0' PA 

12. F(Ol) A 01 = 0' ^ F(O') CL4-Instantiation, matches P(/) A/ = 5^P(5i) 

13. P(O') MP: 10,11,12 

14. P(O') -^v = 0' ^ F{v) CL4-Instantiation, matches ([46]) 
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15. v = 0'^F{v) MP: 13,14 

16. v = 0' ^nx(\x\<t^ F{x)) -^\v\<t' F{v) Weakening (twice): 15 

Finally, to construct a proof of (H5|) . observe that the following formula is valid in classical logic: 

(pi(/) AP2(/) ^Pa) ^ (pA^Pbif)) /\v = f P2{v) (ps^Pi) Pi{v)^ Pbiv). 

Hence, by Match applied twice, CL4 proves 

(Pl(/)AP2(/)^P3) ^ {P^Q{f))^v = f ^ p2iv) ^ {P3^P) ^ piiv)^ Qiv). (47) 

The following two formulas are instances of (|47)) . and are therefore provable in PTA: 

(|rO|<i' ArO>0' ^ \r\<t) {F{r) ^ F{rO)) A v = rQ ^ v>0' ^ {\r\<t ^ F{r)) \v\<t' ^ F{v). (48) 

(|rl|<i' Arl>0' ^ \r\<t) {F{r) ^ F{rl)) A v = rl ^ v>0' ^ {\r\<t ^ F{r)) \v\<t' ^ F{v). (49) 
Now, the following sequence is a PTA-proof of (j45|: 

1. L\x{v = xO Llv = xl) Axiom 12 

2. |rO|<i'ArO>0'^|r|<i PA 

3. {F{r) ^ F{rO)) Av^r0^v>0' ^ {\r\<t^ F{r)) ^\v\<t' ^ F{v) MP: ^,2 

4. {F{r) F{rO)nF{rl)) Av^rO ^ v>0' ^ {\r\<t ^ F{r)) \v\<t' ^ F{v) U-Choose: 3 

5. |rl|<t'Arl>0'^|r|<i PA 

6. {F{r) ^ F{rl)) Av^rl^v>0' ^ {\r\<t^ F{r)) ~^\v\<t' ^ F{v) MP: 

7. {F{r) ^ F(rO)nF{rl)) Av = rl ^ v>0' ^ {\r\<t ^ F{r)) \v\<t' ^ F{v) U-Choose: 8 

8. (F(r) ^F(rO) nF(rl)) A {v = rO Uv = rl) ^ v>0' ^ {\r\<t ^ F{r)) \v\<t' ^ F{v) n-Intro: 4,7 

9. nx{F(x) ^ F{xQ) n F{xl)) A{v = rOuv = rl) ^v>0' ^nx{\x\<t~^ F{x)) \v\<t' ~> F{v) U-Chooses: 

10. nx{F{x) ^ F{xO) n F{xl)) a\Jx{v = xQuv = x1) ^ v>0' ^nx{\x\<t ^ F{x)) \v\<t' ^ F{v) Fl-Intro: 

11. v>0' ^\lx{\x\<t^F{x)) ^\v\<t' ^F{v) MP: (I38l),l,10 

The provability of each of the three formulas (jlSj) . (|44|) and (j43|) has now been verified. From these three 
facts and the provability of ((42|) . by U -Elimination, we find that PTA proves (|4T|) . This, in turn, as noted 
earlier, imphes (gOl). Now, from ([211) and (gOl), by WPTI, we find that 

PTA h t<b^\lx{\x\<t^F{x)). 

The above, by Fl-Introduction, yields PTA h ny(^y<b — ^ na;(|x| <y ^ F(a;))^ , from which, by Fl-Elimination, 

PTA h b<b^\lx{\x\<b~¥F{x)). But PA h b<b. So, by Modus Ponens, PTA h \lx{\x\<b ^ F{x)) , from 
which, by Fl-Elimination, PTA h |s| < fa — ^ This, together with Axiom 13, by Modus ponens, yields the 

desired conclusion PTA h F{s). ■ 



18.3 An illustration of BSI in work 

In this section we prove one PTA-provability fact which, with the soundness of PTA in mind, formally 
establishes the efficient decidability of the equality predicate. The proof of this fact presents a good exercise 
on using BSI, and may help the reader appreciate the convenience offered by this rule, which is often a more 
direct and intuitive tool for efficiency-preserving inductive reasoning than PTI is. 

Lemma 18.3 PTA\~ r\xr\y{y = xUy^x). 
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Idea. Using BSI, prove \~\y{y = s U y^s), from which the target formula folfows by ri-Introduction. ■ 

Proof. Let us first give an informal justification for nxny{y = x U y^x). We proceed by BSI-induction 
on s, where the formula F(s) of induction is ny{y = sUy^s). By Axiom 9, for an arbitrary y, we can tell 
whether y = or y^O. This takes care of the basis (left premise) 

ny{y = OUy^O) (50) 

of induction. For the inductive step (right premise) 

r\y{y = s U y^s) -s> r\y{y = sO Uy^^sO) n r\y{y = sl Uy^sl), (51) 

assume the resource r\y{y = s UyT^s) is at our disposal. We need to show that we can solve 

r\y{y = sO Uy^sO)n ny(y = sl U y^^sl), 

i.e., either one of the problems ny{y = sO\Jy^sO) and ny{y = sl\Jy^sl). Let us for now look at the first 
problem. Consider an arbitrary y. Axiom 12 allows us to find the binary predecessor r of y and also tell 
whether y = rO or y = rl. If y = rl, then we already know that y^sO (because sO is even while rl is odd). And 
if y = rO, then y = sO — i.e. rO = sO — iff r = s. But whether r = s we can figure out using (the available single 
copy of) the resource ny(y = s U y^s). To summarize, in any case we can tell whether y = sO or y^sO, meaning 
that we can solve ny{y = sO U y^sQ). The case of \~\y{y = sl U y^^sl) is handled in a similar way. Then, by 
BSI, (1501) and (I5ip imply ny(s = y U s^^y), which, in turn (by Fl-Introduction), implies nxny{x = y U XT^y). 
The above informal argument can be formalized as follows: 

1. s = OUs?^0 Axiom 9 

2. ni/(j/ = OU 2/7^0) ri-Introduction: 1 

3. \Jx{t = xOut = xl) Axiom 12 

4. t = rO ^ r = s ^ t = sO Logical axiom 

5. t = r0^r = s^t = sOut^sO U-Choose:4 

6. t = r0^r^.s^t^sO PA 

7. t = r0^r^s^t = sOut7^sO u-Choose:6 

8. t = rO ^ r^s Ur^^s ^t^sOut^sO n -Introduction: 5,7 

9. t = rO ^r\y{y = sUy^s) ^t = sOut^sO U-Choose: 8 

10. t = rl^t^sO PA 

11. t = rl ^r\y{y = sUy^s) ~^t^sO Wakening: 10 

12. t = rl -^r\y{y = sUy^s) ^t^sOut^sO U-Choose:ll 

13. t = rOut = Tl ^r\y{y = sUy7^s) ^t^sOutTisO n -Introduction: 9,12 

14. L\x{t = xOut = xl) ^ny{y = sUy7^s) ^t = sOut^sO Fl-Introduction: 13 

15. ny{y = suy,^s) ^t = sOut^sO MP: 3,14 

16. ny{y = s\Jy^s) ~^\~\y{y = sOuy^sO) Fl-Introduction: 15 

17. t = rl ^r = s ^t = sl Logical axiom 

18. t = rl ^r = s ^t = slutTtsl U-Choose:17 

19. t = rl ^r^s ^t^sl PA 

20. t = rl ^rT^s ^t^slut^sl U-Choose:19 

21. t = rl ^r = sUr^s ^t = slut7isl n -Introduction: 18,20 

22. t = rl-^ny{y = sUy^s) ^t = slut7isl U-Choose: 21 

23. t = rO-^t9^sl PA 

24. t = rO-^ny{y = sUy^s) -^t^sl Weakening: 23 

25. t = rO -^r\y{y = sUy9ts) ^t = slut7isl U-Choose: 24 
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26. t = r0ut = rl^ny{y = suy7^s)^t = slut7^sl n -Introduction: 25,22 

27. L\x{t = xOut = xl) -^r\y{y = sUy^s) -^t = slut^sl Fl-Introduction: 26 

28. ny{y = suy^s) '^t = slut^sl MP: 3,27 

29. ny{y = sUy^s) -^ny{y = slUy7isl) Fl-Introduction: 28 

30. ny{y = sUy7^s) -^ny{y = s0uy7is0)nny{y = sluy7isl) n -Introduction: 16,29 

31. \ly{y = suy7^s) BSI: 2,30 

32. nx\~\y{y = x Uy^x) Fl-Introduction: 31 ■ 



18.4 PTI+, WPTI+ and BSI+ 

The conclusion of PTI limits s to "very small" values — those that do not exceed (the value of) some b-term 
r. On the other hand, the right premise of the rule does not impose the corresponding restriction s<r on s, 
and appears to be stronger than necessary. Imposing the additional condition |s'|<b on s in that premise 
also seems reasonable, because the size of s in the conclusion cannot exceed b anyway, and hence there is no 
need to prove the induction hypothesis for the cases with |s'| > b0 So, one might ask why we did not state 
PTI in the following, seemingly stronger, form — call it "PTI+" : 

£^(0) A F(0) s<TA\s'\<bA E{s) A F{s) ^ E{s') n (F(s') A E{s)) 

s<T^E{s) aF{s) 

(with the same additional conditions as in PTI.) 

The answer is very simple: PTI-I-, while being esthetically (or from the point of view of simplicity) inferior 
to PTI, does not really offer any greater deductive power, as implied by the forthcoming Theorem 118.61 

The following two rules — call them WPTI+ (left) and BSI+ (right) — are pseudostrengthenings of 
WPTI and BSI in the same sense as PTI+ is a pseudostrengthening of PTI: 

F(0) s<T /\\s'\<bAF{s)^F{s') F(0) \sO\<b A F{s) ^ F{sO) n F{sl) 

s<T^F{s) F{s) 

where s is any variable different from b, F{s) is any formula, and r is any b-term. 

Theorem 18.4 WPTI+ is admissible in PTA. 

Idea. WPTI+ is essentially a special case of WPTI with \s\<b s<t F{s) in the role of F{s). m 

Proof. Assume s, F{s), r are as stipulated in the rule, 

PTA h F(0) (52) 

and 

PTA h s<TA\s'\<bAF{s)^F{s'). (53) 

Our goal is to verify that PTA h s<t ^ 
From by Weakening applied twice, we get 

PTA h |0|<b^0<T^F(0). (54) 

Next, observe that 

CL4 F [qi A 92 ^ Pi A P2 A ps) A {pi Aq2 A P ^ Q) ^ (p3 P2 ^ P) ^ {q2 qi ^ Q) ■ 

^^The condition s<t would not automatically imply |s'|<b: in pathological cases where b is "very small", it may happen 
that the first condition holds but the second condition is still violated. 
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Hence, by CL4-Instantiation, we have 

PTA h {s'<T A\s'\<b^s<T As<T A\s\<b) A {s<t A\s'\<b A F{s) ^ F{s')) 
{\s\<b^s<T^F{s)) {\s'\<b^s'<T^F{s')). 



(55) 



We also have PA h s' <t A\s'\<b ^ s<t A s<t A\s\<b. This, together with ([331) and ([SS]), by Modus 
Ponens, yields 

PTA h {\s\<b^s<T^F{s)) ^ {\s'\<b^s'<T^F{s')). (56) 
From ISll) and dSl]), by WPTI, we get 

PTAh s<T^{\s\<b^s<T^F{s)). (57) 

But CL4 h (p — > (? — ^ Q)) (q^P^ Q) and hence, by CL4- Instantiation, 

PTA h (.s<T^ (|s|<b^s<T^F(s))) ^ (|s|<b^s<r^F(s)). 



Modus-ponensing the above with ([57]) yields PTA h |s| < b ^« s<t — > F(s). Now, remembering Axiom 13, by 
Modus Ponens, we get the desired PTA h s<t F{s). ■ 

Note that the above proof established something stronger than what Theorem 118.41 states. Namely, our 
proof of the admissibility of WPTI+ relied on WPTI without appeahng to PTI. This means that WPTI+ 
would remain admissible even if PTA had WPTI instead of PTI. It is exactly this fact that justifies the 
qualification "pseudostrengthening of WPTI" that we gave to WPTI+. The same applies to the other two 
pseudostrengthening rules PTH- and BSI+ discussed in this subsection. 

Theorem 18.5 BSI+ is admissible in PTA. 

Idea. BSI+ reduces to ESI with |s|<b ^F(s) in the role of i^(s). ■ 

Proof. Assume s, F{s) are as stipulated in the rule, 

PTA h F(0) (58) 

and 

PTAh \sO\<b A F{s) F{sO) n F{sl). (59) 

Our goal is to verify that PTA h F{s). 
From ([55]) . by Weakening, we have 

PTAh |0|<b^F(0). (60) 

Next, in a routine (analytic) syntactic exercise, one can show that 

CL4 h {po Vpi^poAq) A (po aQ^Fo nPi) -^{q^Q)^ (pq^Pq) n (pi^Pi). 

Hence, by CL4-Instantiation, 

PTA h (|sO|<b v|sl|<b^ |sO|<bA|s|<b) A {\sO\<b A F{s) ^ F{sO)n F{sl)) ^ , , 

(|s|<b->F(s)) (|sO|<b^i^(sO)) n (|sl|<b^F(sl)). ^ ' 

But PA h |.sO| < b V |.sl| < b ^ |sO| < b A \s\ < b. This, together with ^ and dHU), by Modus Ponens, yields 

PTA h (|s|<b-^i^(s)) (|sO|<b-->i^(sO)) n (|sl| < b ^ F(sl)). 

The above and ([SO]) , by BSI, yield PTA h \s\<b ^ F{s). Finally, modus-ponensing the latter with Axiom 
13, we get the desired PTA h F{s). ■ 
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Theorem 18.6 PTI+ is admissible in PTA. 



Idea. PTI+ reduces to PTI with |s| < b — )► s <t ^ ^{3) and |s| < b ^ s <t — )> F{s) in the roles of E{s) and 
F(s), respectively. 

The present theorem will never be relied upon later, so, a reader satisfied with this explanation can safely 
omit the technical proof given below. ■ 

Proof. Assume s, E{s), F{s), r are as stipulated in the rule, 

PTA h E{0) A F(0) (62) 

and 

PTA h s<T A \s'\ < b A E{s) A F{s) ^ E{s') n {F{s') A E{s)). (63) 
Our goal is to show that PTA \- s<t^ E{s) a F{s). 

CL4 proves P A Q ^ (^p ^ q ^ P) A {p ^ q ^ Q) and hence, by CL4-Instantiation, 

PTA h £;(0) aF(0) ^ (|0|<b^0<T^£:(0)) a (|0|<b^0<T^F(0)). 
Modus-ponensing the above with (15^ yields 

PTA h (|0|<b^0<r^£;(0)) A (|0|<b^O<r^F(0)). (64) 
Next, in a routine syntactic exercise we observe that 

CL4 h ^(p A g) ^ Q A Pi ^ (g ^ P2) n ((g ^ p ^ P3) A Q). 
Hence, by CL4-Instantiation, 



PTA h -^{s'<TA\s'\<b) ^ {\s\<b-^s<T-^E{s)) A (|s| < b -> s<t ^ P(s)) ^ 
{\s'\<b^s'<T^E{s')) n (^{\s'\<b^s'<T^F{s')) A (|s| < b ^ .s<r ^ P(s))) . 

In another syntactic exercise we find that 

CL4 h {p2 A q2 ^ pi A qi Apo) A {po A 172 A Pi A Qi ^ P2 □ {Q2 n Pi)) P2 A q2 ^ 

{qi -^pi^Pi) A{qi^pi^ Qi) {q2^P2^P2) n ((^2 ^P2 Q2) n (91 ^pi ^Pi)). 



Since this "exercise" is longer than the previous one, below we provide a full proof of (|66p: 
^ (p2Ag2^Pi Agi Apo)A(poA92Ap3Ag3^T)^P2Ag2^ Tautology 

{qi^Pi^Pd) ^{ql^Pl^q^) 

2 {p2 A 92 Pi A gi A Po) A (po A 92 A p3 A 93 P4) ^ P2 A 92 Tautolo 
(91 ^Ps) A (91 ->-pi ^ 93) ^ (92 -S-P2 ^P4) au o ogy 

3 (P2 A 92 ^pi A 91 Apo) A (po A 92 Ap3 A 93 ^ P2) ^ P2 A 92 ^ Match' 2 

(91 ^Pl ^P3) A (91 ^Pl ^93) ^ (92 ^P2 ^P2) 

^ (P2 A 92 ^pi A 91 Apo) A (po A 92 Ap3 A 93 P2 n {Q2 A Pi)) ^P2 A 92 ^ ^ Choose' 3 
(91 Pl ^ P3) A (91 pi ^ 93) ^ (92 P2 ^ P2) 

g (P2 A 92 ^ Pi A 9i A Po) A (po A 92 A P3 A 93 ^ 94 A P4) ^ P2 A 92 ^ Tautolog 
(91 ^Pl ^Ps) A (91 ^Pl ^93) ^ (92 -^P2 ^94) A (91 ^Pl ^P4) ^ ^ 

6. b2A92^PiA9i Apo)A(poA92Ap3A93^Q2APi)^P2A92^ Match (twice): 5 
(91 ^Pi ^Pa) A (91 ^Pi ^93) ^ (92 ^P2 ^^2) A (91 ^Pi ^Pi) 

y (P2 A 92 ^pi A 91 Apo) A (po A 92 Ap3 A 93 ^ P2 n {Q2 A Pi)) ^P2 A 92 ^ ^ -Choose' 6 
(91 ^Pl ^Ps) A (91 ^Pl ^93) ^ (92 ^P2 ^(32) A (91 ^Pl ^Pl) 



(65) 



(66) 



(P2 A 92 Pi A 91 A Po) A (po A 92 Ap3 A 93 ^ P2 n {Q2 A Pi)) ^P2 A 92 ^ 

(91 ^Pl ^P3) A (91 ^pi ^ 93) ^ (92 ^P2 ^ P2) n ((92 ^P2 ^ Q2) A (91 -^Pl^ Pi)) 



Wait: 1,4,7 
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PTA h {s' <T A\s'\<b ^ s<T A\s\<b A s<t) A 
(s<r A < b A E{s) A F{s) ^ E{s') n (F(s') A E{s)) 
s' <T A\s'\<b ^ (\s\<b ^ s<T ^ E{s)) A (\s\<b ^ s<T ^ F{s)) 
{\s'\<b^s'<T^E{s')) n ({\s'\<b-^s'<T^F{s')) A {\s\<b ^ s<t ^ E{s)) 



Q (^P2Aq,^p,Aq,Apo)A{poAq2AP,AQ,^P,n{Q,AP,))^P2^q2^ Match (twice): 8 

[qi -^Pi-^ Pi) /\iqi^Pi -^Qi) ^ [q2^P2'^ P2)n [{q2^P2^Q2) ^[qi ^Pi^ Pi)) 

The formula below matches the formula of (|66|) and therefore, by CL4-Instantiation, 



(67) 



Obviously we have PA \- s' <t A \s'\<b ^ s<t A \s\<b A s <t. This fact, together with and dlT]), by 
Modus Ponens, implies 

PTA h s' <T A\s'\<b ^ {\s\<b ^ s<T E{s)) A {\s\<b s<t F{s)) 

{\s'\<b^s'<T-*E{s')) n (^{\s'\<b ^ s' <T ^ F{s')) A {\s\<b s<T ^ E{s))y ^^^^ 

According to the forthcoming Lemmas 119.81 and 119.91 whose proofs (as any other proofs in this paper) 
do not rely on PTI+, we have: 

For any term 0, PTA h -^\0\ <bu \Jz(z = e); (69) 
FTAh nxny\Jz{x = y + zUy = x + z). (70) 

Below is a proof of the fact that 

PTA h -n{s'<T A\s'\<b) U {s'<T A\s'\<b) : (71) 

1. -^\s'\<buL\z{z = s') (PI with e = s' 

2. -i|s'| < b — ^ -1(5' <r A |s'| < b) Logical axiom 

3. -^\s'\<b^^{s'<T A\s'\<b)u{s'<T A\s'\<b) u -Choose: 2 

4. -|r|<buUz(z = r) (P| with 6> = t 

5. |r|<b Axiom 13 

6. \r\<b^^\T\<b^r = s' ^s'<T A\s'\<b PA 

7. ^|r|<b^r = s'^s'<rA|s'|<b MP: 5,6 

8. -.|r| < b ^ r = s' ^ -.(s'<r A |s'| <b) U (s'<r A |s'| <b) U-Choose:7 

9. U2(t = r + zUr = t + z) Fl-Elimination ftwice): ((70)) 

10. |r| < b A t = r + w ^< = T ^ r = s' s'<r A |s'| <b PA 

11. \r\<b At = r + v ^t = T ^r = s' ^ ^{s' <T A\s'\<b)u {s' <T A\s'\<b) U-Choose: 10 

12. v = OUv^O Axioms 

13. v = 0^\r\<b Ar = t + v -^t = T ^r = s' ^ s' <T A\s'\<b PA 

14. v = 0^\r\<b Ar = t + v ^t^T ^r^s' ^^{s' <T A\s'\<b)u{s' <T A\s'\<b) U-Choose: 13 

15. v^O^\r\<b Ar = t + v ^t = T ^r = s' ^ ^{s' <T A\s'\<b) PA 

16. v^O^\r\<b Ar = t + v ^t = T ^r = s' ^ ^{s' <T A\s'\<b) U {s' <T A\s'\<b) U-Choose: 15 

17. \r\<b Ar = t + v ^t = T ^r = s' ^ ^{s' <T A\s'\<b)u {s' <T A\s'\<b) U -Elimination: 12,14,16 

18. \r\<b A{t = r + vUr^t + v) ^t = T ^r = s' ^ ^{s' <T A\s'\<b)u {s' <T A\s'\<b) n -Introduction: 11,17 

19. \r\<b AL\z{t = r + zUr = t + z) ^t = T ^r = s' ^ ^{s' <T A\s'\<b) U {s' <T A\s'\<b) Fl-Introduction: 18 

20. t^T^r = s' ^^{s'<TA\s'\<b)u{s'<TA\s'\<b) MP: 5,9,19 

21. L\z{z = t) ^r = s' ^ ^{s' <T A\s'\<b)u{s' <T A\s'\<b) Fl-Introduction: 20 

22. r = s' ^^{s' <T A\s'\<b)u{s' <T A\s'\<b) U -Elimination: 4,8,21 

23. \Jz{z = s')^^{s'<T A\s'\<b)u{s'<T A\s'\<b) Fl-Introduction: 22 
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24. -^{s'<T A\s'\<b)u{s'<T A\s'\<b) U -Elimination: 1,3,23 
Now, from ([HI), and dMl), by U -Elimination, we get 

PTA h {\s\<b^ s<T ^ E{s)) A {\s\<b^s<T^F{s)) ^ 

{\s'\<b^s'<T^E{s')) n (^{\s'\<b^s'<T^F{s')) A {\s\<b^s<T^E{s))y ^''^^ 

From dMl) and (1721), by PTI, we get 

PTA h s<T ^ {\s\<b ^ s<T ^ E{s)) A {\s\<b^s<T^F{s)). (73) 
But CL4 obviously proves (p ^ {q ^ p ^ P) A {q ^ p ^ Q)^ {q^p^ P aQ) and hence, by CL4-Instantiation, 

PTA h {s<T ^ {\s\<b ^ s<T ^ E{s)) A (|s|<fa^s<T^F(s))) (|s| < fa ^ s <r ^ £;(s) A i^(s)) . 

Modus-ponensing the above with ([75)1 yields PTA h |s|<fa ^'S<r->£'(s) aF(s), further modus-ponensing 
which with Axiom 13 yields the desired PTA h s<r — E{s) A F{s). ■ 



18.5 BPI 

For any formula E[s), we let E{\s/2\) stand for the formula Vz(s = zO V s = zl -> , asserting that E 
holds for the binary predecessor of s. 

One last rule of induction that we are going to look at is what we call BPI (Binary-Predecessor-based 
Induction): 

f(0) f(b/2j)^F(s) 
F[s) 

where s is any non-fa variable and F{s) is any forniulaP^ 

This rule could be characterized as an "alternative formulation of BSI-I-" , and is apparently equivalent 
to the latter in the sense that replacing PTI with BSI-I- in ptarithmetic yields the same class of provable 
formulas as replacing PTI with BPI. One direction of this equivalence is immediately implied by our proof 
of the following theorem. 

Theorem 18.7 BPI is admissible in PTA. 

Idea. As noted, BPI is essentially the same as BSI+. ■ 

Proof. Assume s, F{s) are as stipulated in the rule, 

PTA h F(0) (74) 

and 

PTAhi^([s/2j)^F(s). (75) 

Our goal is to verify that PTA h F{s). 
We observe that 

CL4 h {p^t = f{s)) A (yz{t = f{z) V q ^ P{z)) ^ Q(0) -^PA P{s) ^ Q((/(s)) 
(bottom- up, apply Match twice and you will hit a classically valid formula). By U-Choose, this yields 
CL4h {p ^ t = f{s)) Anx(yz{x = f{z) V q ^ P{z)) ^ Q{x)j A P(s) ^ Q((/(s)) . 

'^^Those familiar with bounded arithmetics will notice a resemblance between BPI and the version of induction axiom known 
as PIND ([5] [9]). An important difference, however, is that PIND assumes s to be (actually or potentially) V-bound, while in 
our case s, as a free variable, can be seen as □ -bound but by no means as V-bound. 
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The above, together with the obvious fact CL4 h (p — ^ _L) A T — A T ^ _L, by Wait, yields 

CL4I- (p^Ux(a; = /(s))) /\nx(yz{x = f{z) W q ^ P{z)) ^ Q{x)'^ p A P{s) ^ Q{{f{s)) . 
Hence, by CL4-Instantiation, we have 

PTA h (|sO| < fa ^ L\x{x = sO)) A \lx(yz{x = zO \yx = zl^ F{z)) F{x)j \sO\ < b A F{s) F{sO), 
which we abbreviate as 

PTA h (|sO|<fa^Ua;(a; = sO)) Ana;(F([a;/2j) ^F(a;)) ^ |sO| < fa A F(s) -> F(sO). (76) 
In a similar way we find that 

PTA h (|sO|<fa^Ua;(a; = sI)) a\1x{F{[x/2\) F{x)) |sO| < fa A F(s) -> F(sl). (77) 
Now, we construct a sought PTA-proof of F{s) as follows: 



1. 


Hx 


{F{[x/2\)^ 


F{x)) 


□-Introduction: ((75l) 


2. 


\sO 


< fa ^ Ux{x = 


sO) 


Axiom 11 


3. 


\sO 


<faAF(s)^ 


F{sO) 


MP: 2,1,111 


4. 


\sO 


<fa^|sl|<fa 


PA 


5. 


\sl 


< fa ^« \Jx{x = 


si) 


Lemmall3.ll 


6. 


\sO 


<b ^ Ux{x = 


si) 


TR: 4,5 


7. 


\sO 


<faAF(s)^ 


F{sl) 


MP: 6,1,1171) 


8. 


\sO 


<faAF(s)^ 


F{sO) 


n F{sl) n -Introduction: 



9. F{s) BSI+: ^,8 U 



19 Efficient computability through PTA-provabiUty 

In this section we establish several PTA-provability facts. In view of the soundness of PTA, each such fact 
tells us about the efficient solvability of the associated number-theoretic computational problem. 

19.1 The efficient computability of logarithm 

The term "logarithm" in the title of this subsection refers to the size of the binary numeral for a given 
number, which happens to be an integer approximation of the (real) base-2 logarithm of that number. 

Lemma 19.1 PTA h na;Uy(y= |a;|). 

Proof. An outline of our proof is that nxU?/(?/= |a;|) follows by Fl-Introduction from Uy(y=|s|), and 
the latter will be proven by BPI. Let us first try to justify the two premises of BPI informally. 

From PA, we know that the size of is O', and the value of O' can be found using Lemma [13.31 This 
allows us to resolve Uj/(j/=|0|), which is the basis of our BPI-induction. 

The inductive step looks like 

Uyiy=\ls/2\\)^Uyiy=\s\). 

Resolving it means telling the size of s (in the consequent) while knowing (from the antecedental resource) 
the size r of the binary predecessor [s/2j of s. As was established earlier in the proof of Theorem I18.2[ 
we can tell whether s equals 0, O', or neither. If s = or s = 0', then its size is the value of O' which, as 
pointed out in the previous paragraph, we know how to compute. Otherwise, the size of s is r', which we can 
compute using Axiom 10. In all cases we thus can tell the size of s, and thus we can resolve the consequent 
of the above-displayed inductive step. 
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Below is a formal counterpart of the above argument. 

1. L\x{x = 0') Lemma [TX^ 

2. w = 0'^t; = |0| PA 

3. v = 0' ^L\y{y = \0\) U-Choose: 2 

4. Ux(x = 0') ^ Uy(y=|0|) Fl-Introduction: 3 

5. Uy(y=|0|) MP: 1,4 

6. s = OUs = 0'us>0' ((i^ . established in the proof of Theorem ll8.2l 

7. w = 0' ^ s = ^i; = |s| PA 

8. i; = 0'^s = O^Uy(y = |s|) U-Choose: 7 

9. \Jx{x = 0') ^ s^O ^\Jy{y=\s\) ri-Introduction: 8 

10. s = O^Uy{y=\s\) MP: 1,9 

11. s = 0^Uy(y=|[s/2j|)^U?;(?;=|s|) Weakening: 10 

12. v = 0' ^ s^O' ^v=\s\ PA 

13. t; = 0'^.s = 0'^U?/(y=|s|) U-Choose: 12 

14. \Jx{x^O') ^ s = 0' ^\Jy{y=\s\) Fl-Introduction: 13 

15. s = 0' ^Uy{y=\s\) MP: 1,14 

16. s = 0' ^Uy{y=\[s/2\\)^Uy{y = \s\) Weakening: 15 

17. \s\ < b Axiom 13 

18. \s'\<b^Ux{x = s') Axiom 10 

19. ny{\y'\<b ^Ux{x = y')) Fl-Introduction: 18 

20. |s|<b A (|r'|<b^±) ^s>0'^r=|[s/2j|^± PA 

21. \s\<bA{\r'\<b^w = r')^s>0'^r=\[s/2\\^w = \s\ PA 

22. \s\<bAi\r'\<b^w = r')^s>0'^r=\[s/2\\^L\y{y=\s\) U-Choose: 21 

23. |s|<bA(|r'|<b^Ua;(a; = r'))^.s>0'^r=|[s/2j|^Uy(y=|s|) Wait: 20,22 

24. |s|<bAn?/(|?/'|<b^Ua;(x = j/'))^s>0'^r=|[s/2j|^Uy(y = |s|) U-Choose: 23 

25. \s\<b Any{\y'\<b ^Ux{x = y')) ^ s>0' ^Uy{y = \[s/2\\) ^Uy{y=\s\) n-Introduction: 24 

26. s>0' ^L\y{y=\[s/2\\)^L\y{y=\s\) MP: 17,19,25 

27. Uy(y=|[s/2J|) U2/(j/=|s|) U -Elimination: 6,11,16,26 

28. Uy(y=|s|) BPI: 5,27 ■ 

Lemma 19.2 PTA h na;(|x| = b U < b). 

Proof. An informal argument for na;(|x| = b U |a::| < b) is the following. Given an arbitrary x, we can find 
a t with t=\x\ using Lemma [19. II Lemma [18.31 allows us to tell whether t=b or t^b. In the second case, in 
view of Axiom 13, we have t<b. Thus, we can tell whether t = b or t<b, i.e., whether |a;| = b or |2:|<b. This 
means that we can resolve |x| = bu|a;|<b. Formally, we have: 

1. na;Uy(y = Lemma [19. II 

2. na;ny(y = a: U T/T^a;) Lemma [18.31 

3. i= |s| A i = b ^ |s| = b Logical axiom 

4. i= |s| A i = b ^> |s| = b U |s| <b U-Choose: 3 

5. \s\ < b Axiom 13 

6. \s\<b^t=\s\At^b~^\s\<b PA 

7. t=\s\At7^b^\s\<b MP: 5,6 
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8. i=|s| Ai^b ^- |s| = b U |s|<b u-Choose:7 

9. t=\s\ A {t = but^b) ^\s\ = bu\s\<b n -Introduction: 4,8 

10. t=\s\ Ar\xr\y{y = xUy9tx) -^\s\ = bu\s\<b U-Choose (twice): 9 

11. L\y{y = \s\) Anxny{y = xUy7^x) -^\s\ = bLl\s\<b ri-Introduction: 10 

12. r\xL\y{y = \x\) Ar\xr\y{y = xUy^x) -^\s\ = bu\s\<b U-Choose: 11 

13. |s| = bu|s|<fa MP: 1,2,12 

14. na;(|a;| = bu |a:;|<b) ri-Introduction: 13 ■ 

19.2 The efficient computability of unary successor 

In our subsequent treatment we will be using the abbreviation 

E^F 

for the expression U F. The operator □ thus can be called choice implication. 

When omitting parentheses, □ will have the same precedence level as U , so that, say, E ^ F G should 
be understood as {Ez} F) -^G rather than E Z} {F G). 

The following lemma strengthens (the Fl-closure of) Axiom 10 by replacing — s> with □ . 

Lemma 19.3 PTA h na;(|a;'| < b □ U?/(?/ = x')) . 

Proof. An informal argument for \~\x{\x'\<b ZiUy{y = x')^ goes like this. Given an arbitrary x, using 
Lemma 119.21 we can figure out whether |a;| = b or |x|<b. 

If |a;|<b, then (by PA) |x'|<b. Then, using Axiom 10, we can find a t with t = x'. In this case, 
\x'\ < b □ \-\y{y = x') will be resolved by choosing its right component L\y{y = x') and then specifying y as t in 
it. 

Suppose now |a;| = b. Then, by PA, < b if and only if x is even. And Axiom 12 allows us to tell whether 
X is even or odd. If x is even, we resolve < b □ \-\y{y = x') as in the previous case. And if x is odd, then 
x'l < b □ \-iy{y = x'), i.e. -^\x'\ < b U Uy{y = x'), is resolved by choosing its left component -^\x'\ < b. 

The following is a formalization of the above argument. 

1. na;(|a;| = b U |x|<b) Lemma [T9^ 

2. |s| = bu|s|<b ri-Elimination: 1 

3. Ua;(s = a;0 U s = 2;l) Axiom 12 

4. \s'\<b -^L\x{x = s') Axiom 10 

5. (|s'|<b^_L) ^s = rO^ |s| = b^_L PA 

6. {\s'\<b^t = s') ^s = rO^\s\ = b^t = s' PA 

7. {\s'\<b^t = s') ^s = rO^\s\ = b^L\y{y = s') U-Choose: 6 

8. {\s'\<b^Ux{x = s')) -^s = rO^\s\ = b^Uy{y = s') Wait: 5,7 

9. s = rO^\s\ = b^\Jy{y = s') MP: 4,8 

10. s = rO ^\s\ = b ^\s'\<bziL\y{y = s') U-Choose: 9 

11. s = rl->|s| = b^^|s'|<b PA 

12. s = rl^\s\ = b^\s'\<bZl\Jy{y = s') U-Choose: 11 

13. s = rOus = rl^\s\ = b^\s'\<bziL\y{y = s') n -Introduction: 10,12 

14. L\x{s = xOu s = xl) ^\s\ = b ^\s'\<bZlL\y{y = s') Fl-Introduction: 13 

15. \s\ = b^\s'\<bzUy{y = s') MP: 3,14 

16. (|s'|<b^±) ^ |s|<b^_L PA 

17. (|s'|<b^i = s') ^ |.s|<b^t = .s' PA 
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18. {\s'\<b^t = s') ^\s\<b^Uy{y = s') U-Choose: 17 

19. {\s'\<b^L\x{x = s')) ^\s\<b^L\y{y = s') Wait: 16,18 

20. \s\<b^L\y{y = s') MP: 4,19 

21. \s\<b'^\s'\<bZiUy{y = s') u -Choose: 20 

22. \s'\<b^Uy{y = s') U -Elimination: 2,15,21 

23. nx{\x'\<bZiUy{y = x')) n-Introduction: 22 ■ 



19.3 The efficient computability of binary 0-successor 

The foUowing lemma strengthens Axiom 11 in the same way as Lemma [19.31 strengthens Axiom 10. 

Lemma 19.4 PTA h nx(|a;0| < b □ U?/(?/ = a;0)) . 

Proof. Informally, the argument underlying our formal proof of na;(|x0| < b □ Uy(y = a;0)) is the follow- 
ing. Consider an arbitrary x. Using Lemma [19.21 we can tell whether \x\ = b or |a;| < b. If |a;| < b, then |a;0| < b 
and, using Axiom 11, we can find a t with t = xO. We then resolve |a;0| < b □ \-iy{y = xO) by choosing its right 
Zl -component and specifying y as t in it. Suppose now |x| = b. Using Axiom 9, we can tell whether x is or 
not. If X is 0, then |a;0| < b □ \-iy{y = xO) is resolved by choosing its right □ -component and specifying y a.s x 
in it. Otherwise, if x^O, then the size of xO exceeds b. So, |a;0|<b □ \-iy{y = xO) is resolved by choosing its 
left □ -component -i|xO I < b. Formally, we have: 

1. na;(|a;| = b U |x|<b) Lemma [TWl2\ 

2. |s| = bu|s|<b ri-Elimination: 1 
s = OU.s#0 Axiom 9 



s = 
s = 
s = 



7. s^O 

8. s^O 



9. 

10. 

11. 

12. 

13. 

14. 

15. 

16. 

17. 

18. 



|.| = b^| 
|sO|<b- 
(|sO|<b 
(|sO|<b 
(|sO|<b 
(|sO|<b 
|s|<b-> 
|s|<b-^ 



= b^s = sO PA 

= b ^Uy{y = sO) U-Choose: 4 

= b -)> |sO| <b □ U?/(?/ = sO) U-Choose: 5 

= b^^|sO|<b PA 

= b ^\sO\<bziL\y{y = sO) U-Choose: 7 
sO| <b □ Uy(y = sO) U -Elimination: 3,6,8 
-^\-\x{x = sO) Axiom 11 
^_L)^|s|<b^± PA 
-^t = sO) ^\s\<b^t = sO PA 
->< = sO)->|s|<b^Uy(y = sO) U-Choosc: 12 
-^\Jx{x = sO)) ^\s\<b^\Jy(y = sO) Wait: 11,13 

Uy(y = sO) MP: 10,14 

\sO\<bZl\Jy{y = sO) U-Choose: 15 



\sO\<bziL\y{y = sO) u -Elimination: 2,9,16 
na;(|a;0|<buU?;(?; = a::0)) Fl-Introduction: 17 



19.4 The efficient computability of binary 1-successor 

The following lemma is the same to Lemma 113.11 as Lemma 119.41 is to Axiom 1 1 . 

Lemma 19.5 PTA h na:(|a;l| < b □ U?/(?/ = a;l)) . 
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Proof. The argument underlying our formal proof of na;( | < b □ \-iy{y = xl)) is the following. Consider 
an arbitrary x. Using Lemma ri9.4[ we can tell whether the size of xO exceeds b, or else find a t with t = xO. 
In the first case we resolve |xl| < b □ Uy(y = a;l) by choosing its left component -i|a;l|<b, because (we know 
from PA that) |a;0| — \xl\. In the second case, using Axiom 10, we find an r with r = t' . This axiom is 
applicable here because |t'|<b; |t'|<b, in turn, is true because |t|<b (by Axiom 13) and t is even, so the 
unary successor of t is of the same size as t itself Note that (as PA can help us to figure out), in the present 
case, r = xl. So, we can resolve |a;l| <b □ \-\y{y = x\) by choosing its right component and then specifying y 
as r in it. Formally, we have: 

1. na;(^|xO| <b U Uy(j/ = xO)) Lemma 

2. -.|sO| <b U Uy(y = sO) Fl-Elimination: 1 

3. ^|sO|<b^-i|sl|<b PA 

4. -i|sO| <b |sl| <b □ U2/(y = sl) U-Choose:3 

5. |t|<b Axiom 13 

6. \t'\<h^Ux{x = t') Axiom 10 

7. |t|<bA (|i'|<b^_L) ^i = sO^_L PA 

8. \t\<h ^{\t'\<b^r = t') ^t = sQ^r = sl PA 

9. |t|<bA (|i'|<b^r = i') ^t = sO^Uy(y = sl) U-Choose: 8 

10. \t\<h A{\t'\<b^VAx{x = t')) ^t = sQ^VAy{y = sl) Wait: 7,9 

11. t = s()^Uy{y = s\) MP: 5,6,10 

12. VAy[y = sQ) ^VAy{y = s\) Fl-Introduction: 11 

13. Uy(y = sO) ^ |sl|<bDUy(y = sl) u -Choose: 12 

14. |sl|<b^Uy(y = sl) U -Elimination: 2,4,13 

15. na;(|a;l| < b □ Uy(y = a;l)) Fl-Introduction: 14 ■ 



19.5 The efficient computability of addition 

Lemma 19.6 PTA h nxFly (|a; + y| < b □ VAz{z = x + y)). 

Proof. The main idea behind our proof of na;ny(|x + y| <b □ Uz(z = a; + y)), which proceeds by BSI 
induction, is the fact — known from PA — that the sum of two numbers can be "easily" found from the 
sum of the binary predecessors of those numbers. Specifically, observe that we have: 

(i) sO + rO= (s + r)0, because 2s + 2r = 2(s + r); 

(ii) sO + rl = (s + r)l, because 2s + (2r + l) = 2(s + r) + l; 

(iii) sl + rO = (s + r)l, because (2s + 1) + 2r = 2(s + r) + 1; 

(iv) sl+rl = ((s + r)l)', because (2s + 1) + (2r + 1) = (2(s + r) + 1) + 1. 

The formula of induction is ny(|s + y| < b □ Uz(2: = s + y)) (from which the target formula immediately 
follows by ri-Introduction). 

The basis ny(|0 + y| < b □ Uz(z = + y)) of induction can be established/resolved rather easily, by choosing 
the right component of the □ combination and selecting the value of z to be the same as the value of y. 

In resolving the inductive step 

ny(|s + y| <b □ VAz{z = s + y)) ^ ny(|s0 + y| < b □ U2;(z = s0 + y)) n Fly (|sl +y| < b □ Uz(z = sl +y)) , 

we wait for the environment to select a n -conjunct in the consequent (bottom-up n -Introduction) and then 
select a value t for y in it (bottom- up Fl-Introduction). Let us say the left conjunct is selected, meaning that 
the inductive step will be brought down to (i.e. the premise we are talking about will be) 

VAy{\s + y\<b^Uz{z = s + y)) (|s0 + i| < b □ Uz(z = s0 + i)) . 
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Using Axiom 12, we can find the binary predecessor r oi t, and also figure out whether t is rO or rl. Let us 
say t = rO. Then we specify y as r in the antecedent of the above formula, after which the problem we need 
to resolve is, in fact, 

{\s + r\<bZi\Jz{z = s + r)) -> (|sO + rO| < b □ Uz(z = sO + rO)) . 

Here we can wait till the environment selects one of the □-components in the antecedent. If the left 
component is selected, we can resolve the problem by selecting the left □-component in the consequent, 
because, if \s + r\ exceeds b, then "even more so" does |sO + rO|. Otherwise, if the right component is selected, 
then we further wait till the environment also selects a value u for z there, after which the problem will be 
brought down to 

u = s + r ^ (^\sO + rO\<b^ Uz(z = sO + rO)) . 

But from the earlier observation (i) we know that sO + rO — (s + r)0. So, the above problem is, in fact, nothing 
but 

u = s + r ^ [\uO\<b^ L\z{z = uO)), 

which — whose consequent, that is — we can resolve using Lemma 119.41 

The remaining three possibilities of the above scenario are similar, but will rely on observation (ii), (iii) 
or (iv) instead of (i), and Lemma [19.51 instead of 119.41 The case corresponding to (iv), in addition, will also 
use Lemma 119.31 

Below is a formal counterpart of the above argument in full detail: 

1. s = + s PA 

2. L\z{z = + s) U-Choose: 1 

3. |0 + s| <b □ Uz(z = + s) u -Choose: 2 

4. n2/(|0 + y| <b □ Uz(z = + j/)) Fl-Introduction: 3 

5. t = rO ^ ^\s + r\<b ^ ^\sO + t\<b PA 

6. i = rl^^|s + r|<b^^|sO + <|<b PA 

7. t = rOut^rl ^ ^\s + r\<b ^ ^\sO + t\<b n -Introduction: 5,6 

8. t = rOut = rl^^\s + r\<b^\sO + t\<bziUz{z = sO + t) U-Choose:7 

9. n2:(|a;0|<b^Uy(y = a;0)) Lcmma[lM] 

10. |uO|<b □□?/(?/ = uO) ri-Elimination: 9 

11. ^|uO| <b t = rO M = s + r ^|sO + t| < b PA (observation (i)) 

12. -n\uO\<b^t^r0^u = s + r^\sO + t\<bZi\Jz{z = sO + t) U-Choose:ll 

13. w = uO ^t^rO ^ u^s + r ^ w = sO + t PA (observation (i)) 

14. w = uO ^t = rO ^ u^s + r ^Uz{z = sO + t) U-Choosc: 13 

15. \Jy{y = uO) t = rO ^ u = s + r -^\Jz{z = sO + t) Fl-Introduction: 14 

16. \Jy{y = uO) ^t = rO ^ u = s + r ^\sO + t\<b^L\z{z = sO + t) U -Choose: 15 

17. |uO| < b □ U?/(?/ = uO) ->t = rO ^M = s + r ^ |sO + t| <b □ Uz(z = sO + i) n -Introduction: 12,16 

18. t = r0^u = s + r^\sO + t\<b^Uz{z = 30 + t) MP: 10,17 

19. na;(|a:l|<b □ U?;(?; = a;l)) Lemma[l93] 

20. |ul|<b □ U?/(?/ = ul) n-Elimination: 19 

21. -.\ul\<b ^t^rl ^ u = s + r ^ ^\sO + t\<b PA (observation (ii)) 

22. -n\ul\<b^t = rl^u = s + r^\sO + t\<bzi\Jz{z = sO + t) u-Choose:21 

23. w = ul -^t = rl ^ u = s + r ^ w = sO + t PA (observation (ii)) 

24. w = ul^t = rl^u = s + r^L\z{z = sO + t) U-Choose: 23 

25. \Jy{y = ul) ^ t = rl ^ u = s + r ^\Jz{z = sO + t) Fl-Introduction: 24 

26. Uy(y = ul) ^i = 7'l ^u = s + r ^ |sO + i|<b □ Uz(z = sO + i) u -Choose: 25 

27. \ul\<b^Uy{y = ul) ^t = rl^u = s + r^\sO + t\<b^Uz{z = sO + t) n -Introduction: 22,26 
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28. t = rl^u = s + r^\sO + t\<b^Uz{z = sO + t) MP: 20,27 

29. t = rOut = rl^u = s + r^\sO + t\<bZiL\z{z = sO + t) n -Introduction: 18,28 

30. t = rOut = rl^\Jz{z = s + r) ^\sO + t\<bZl\Jz{z-=sO + t) Fl-Introduction: 29 

31. t^rOut = rl ^\.s + r\<bZ3\Jz{z = s + r) ^\sO + t\<b^Uz{z = sO + t) n -Introduction: 8,30 

32. t = rOut = rl^ny{\s + y\<bZl\Jz{z = s + y)) ^\sQ + t\<b^\Jz(z = sO + t) U-Choose: 31 

33. \Jx{t = xOut = xl) ^ny{\s + y\<bZl\Jz{z = s + y)) -^\sO + t\<b^Uz{z = sO + t) Fl-Introduction: 32 

34. \Jx{t = xOut = xl) Axiom 12 

35. \ly{\s + y\<bZiL\z{z = s + y)) ^\sO + t\<b^L\z{z = sO + t) MP: 34,33 

36. ny(|s + y| < b □ Uz(z = s + j/)) ^ n?;(|sO + y| <fa □ Uz(z = sO + y)) Fl-Introduction: 35 

37. t = rO-^^\s + r\<b^^\sl + t\<b PA 

38. t = rl^^\s + r\<b^^\sl + t\<b PA 

39. t = rOut = rl^^\s + r\<b^^\sl+t\<b n -Introduction: 37,38 

40. t = rOut = rl^^\s + r\<b^\sl + t\<b^Uz{z = sl + t) U-Choose:39 

41. ^|ul| < b — > t = rG ^ u = s + r — > ^|sl + i| < b PA (observation (iii)) 

42. -n\ul\<b ^t = rO ^ u = s + r ^ \sl+t\<bZl\Jz{z = sl+t) U-Choose:41 

43. ■w = ul ^ t = rO ^ u^s + r ^ w^sl + t PA (observation (iii)) 

44. w = ul ^t^rO ^ u^s + r ^Uz{z = sl + t) U-Choose: 43 

45. \Jy{y = ul) ^ t = rO ^ u = s + r ^\Jz{z = sl + t) H-Introduction: 44 

46. Uy{y = ul) ^t = rO ^u = s + r ^\sl+t\<b^Uz{z = sl + t) u -Choose: 45 

47. |ul| < b □ U?/(?/ = ul) ^t = rO ^M = s + r ^ |sl + t| <b □ Uz(z = sl + i) n -Introduction: 42,46 

48. t = r0^u = s + r^\sl + t\<b^Uz{z = sl+t) MP: 20,47 

49. ^|ul| < b — ^ t = rl — ^ u = s + r — > ^|sl + i| < b PA (observation (iv)) 

50. -^\ul\<b^t = rl^u = s + r^\sl+t\<bZiL\z{z = sl+t) U-Choose: 49 

51. nx{\x'\<bZl\Jy{y = x')) LemmallU 

52. \w'\<b^Uy{y = w') H-Elimination: 51 

53. -^\'w'\<b ^ w = ul ^ t = rl ^ u = s + r ^ ^\sl+t\<b PA (observation (iv)) 

54. -n\w'\<b ^ w = ul ^t^rl ^ u^s + r ^ \3l + t\<b ^Uz{z = sl + t) U-Choose: 53 

55. v = w' ^ w = ul -i- t = rl -i- u = s + r v = sl+t PA (observation (iv)) 

56. v = w' ^ w = ul t = rl u = s + r -^Uz{z = sl+t) U-Choose: 55 

57. L\y{y = w') ^ w = ul ^ t = rl ^ u^s + r ^ L\z{z = sl + t) H-Introduction: 56 

58. Uy{y = w') ^w = ul ^t = rl ^ u = s + r ^ \sl+t\<bziUz{z = sl + t) u-Choose:57 

59. \w'\<b^Uy{y = w') ^ w = ul ~^t = rl u = s + r ^ \sl+t\<b^Uz{z = sl + t) n -Introduction: 54,58 

60. w = ul^t = rl^u = s + r^\sl+t\<b^Uz{z = sl + t) MP: 52,59 

61. Uy{y = ul) ^ t = rl ^ u = s + r ^ \sl+t\<b ^L\z{z = sl + t) H-Introduction: 60 

62. |ul| <b □ Uj/(j/ = ul) ^t = rl ^ M = s + r |sl + t| <b □ Uz(z = sl + i) n -Introduction: 50,61 

63. t^rl^u = s + r^\sl + t\<bZJ\Jz{z = sl + t) MP: 20,62 

64. t = rOut = rl ^u = s + r ^\sl + t\<bziL\z{z = sl + t) n -Introduction: 48,63 

65. t = rOut = rl ^L\z{z = s + r) ^\sl + t\<bziL\z{z = sl + t) H-Introduction: 64 

66. t = rOut = rl ^\s + r\<bziL\z{z = s + r) ^\sl + t\<b^L\z{z = sl + t) n -Introduction: 40,65 

67. t = rOut = rl^ny{\s + y\<bzi\Jz{z = s + y)) ~^\sl + t\<b^Uz{z^.sl + t) H-Choose: 66 

68. \Jx{t = xOut = xl) ^ny{\s + y\<bZi\Jz{z = s + y)) '^\sl + t\<b^\Jz{z = sl + t) H-Introduction: 67 

69. ny{\s + y\<bZl\Jz{z = s + y)) ^\sl+t\<b^\Jz(z = sl + t) MP: 34,68 
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70. ny{\s + y\<bZi\Jz{z = s + y)) ~^ny(\sl + y\<b^Uz{z = sl + y)) Fl-Introduction: 69 

71. ny(|s + y| < b □ \Jz{z = s + y)) ^ Fly (|sO + y| < b □ Uz(z = sO + y)) n ny(|sl + y| < b □ Uz{z = sl+y)) 

n -Introduction: 36,70 

72. \ly{\s + y\<bZiL\z{z = s + y)) BSI: 4,71 

73. na:nj/(|x + ?/|<b^Uz(z = a; + y)) Fl-Introduction: 72 ■ 

19.6 The efficient computability of multiplication 

The following lemma is fully analogous to the lemma of the previous subsection, with the difference that 
this one is about multiplication instead of addition. Morally, the proof of this lemma is also very similar to 
the proof of its counterpart. But, as multiplication is somewhat more complex than addition, technically 
a formal proof here would be considerably longer than the 73-step proof of Lemma 119. 6[ and producing it 
would be no fun. For this reason, we limit ourselves to only an informal proof. As noted earlier, sooner or 
later it would be necessary to abandon the luxury of generating formal proofs, anyway. 

Lemma 19.7 PTA h na:;nj/(|x x y| < b □ \Jz{z = x x y)) . 

Proof. By BSI induction on s, we want to prove ny(|sxj/|<b □ \-iz{z = sxy)), from which the target 
formula follows by Fl-Introduction. 
The basis 

n?/(|Oxzy|<b □ Uz(2 = 0x2/)) (78) 

of induction is simple: for whatever y, since = xy^ the problem |0 x y| < b □ Uz(z = x y) is resolved by 
choosing the right □ -component and specifying z as the value of 0. Our ability to produce such a value is 
guaranteed by Axiom 8. 
The inductive step is 

ny(|sxy| <b □ Uz(z = sxy)) n?/(|sOx j/l <b □ Uz(z = sOxy)) n ny(|sl xy| < b □ Uz(z = sl xy)). (79) 

In justifying it, we rely on the following facts — call them ^'observations" for subsequent references — 
provable in PA: 

(i) sO X rO= (s X r)00, because 2s x 2r = 4(s x r); 

(ii) sOxrl = (sxr)00 + sO, because 2sx (2r + l)=4(sxr) + 2s; 

(iii) si X rO= (s X r)00 + rO, because (2s + 1) x2r = 4(sxr) + 2r; 

(iv) si xrl = (sxr)00+(s + r)l, because (2s + 1) x (2r + 1) =4(s x r) + (2(s + r) + 1) . 

In resolving (|79|) . at the beginning we wait till the environment selects one of the two n-conjuncts in 
the consequent, and also a value t for y there. What we see as a "beginning" here is, in fact, the end of 
the proof of ((7^ for, as pointed out in Section [T71 such proofs correspond to winning strategies only when 
they are read bottom-up. And, as we know, the steps corresponding to selecting a n -conjunct and selecting 
t for y are (bottom-up) n -Introduction and H-Introduction. Then, using Axiom 12, we find the binary 
predecessor r of t. Furthermore, the same axiom will simultaneously allow us to tell whether t = rO or t = rl. 
We immediately specify (bottom- up U-Choose) y as r in the antecedent of ([79l) . We thus have the following 
four possibilities to consider now, depending on whether the left or the right n -conjunct was selected in the 
consequent of (|79l) . and whether t = rO oi t = rl. In each case we will have a different problem to resolve. 

Case 1: The problem to resolve (essentially) is 

|sxr| < b □ L\z{z = sxr) ^> |sOxrO| <b □ Uz(z = s0 x rO). (80) 

Pretending for a while — for simplicity — that no values that we are going to deal with have sizes exceeding 
b, here is our strategy. Using the resource provided by the antecedent of (|80p . we find the product w of 
s and r. Then, using the resource provided by Lemma 119.41 (which, unlike the resource provided by the 
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antecedent of ([50]) . conies in an unlimited supply) twice, we find the value v of wOO, i.e. of (s x r)00. In 
view of observation (i), that very v will be (equal to) sQxrO, so ([80]) can be resolved by choosing the right 
□ -component in its consequent and specifying z as v. 

The above, however, was a simplified scenario. In a complete scenario without "cheating" , what may 
happen is that, while using the antecedent of (1801) in computing s x r, or while — after that — using Lemma 
119.41 in (first) computing (s x r)0 and (then) (s x r)00, we discover that the size of the to-be-computed value 
exceeds b and hence the corresponding resource (the antecedent of ((80|) . or Lemma fl9.4p does not really allow 
us to compute that value. Such a corresponding resource, however, does allow us to tell that the size of the 
sought value has exceeded b. And, in that case, ([50)1 is resolved by choosing the left component -ijsO x rO| < b 
of its consequent. 

Case 2: The problem to resolve is 

|sxr| < b □ Uz(z = sxr) ^ |sOxrl| <b □ U2(z = sOxrl). (81) 

Here and in the remaining cases, as was done in the first paragraph of Case 1, we will continue pretending 
that no values that we deal with have sizes exceeding b. Violations of this simplifying assumption will be 
handled in the way explained in the second paragraph of Case 1. 

Here, we fist compute (the value of) (s x r)00 exactly as we did in Case 1. Exploiting Lemma [19.41 one 
more time, we also compute sO. Using these values, we then employ Lemma 119.61 to compute (s x r)00 + sO, 
and use the computed value to specify z in the consequent of (j8ip (after first choosing the right □ -component 
there, of course). Observation (ii) guarantees success. 

Case 3: The problem to resolve is 

|sxr| < b □ Uz(z = sxr) ^> |sl xrO| <b □ Uz(z = sl xrO). (82) 

This case is very similar to the previous one, with the only difference that Lemma 119.41 will be used to 
compute rO rather than sO, and the success of the strategy will be guaranteed by observation (iii) rather 
than (ii). 

Case 4- The problem to resolve is 

|sxr| <b □ Uz(z = sxr) -5> |sl xrl| < b □ Uz(z = sl xrl). (83) 

First, we compute (s x r)00 exactly as in Case 1. Using Lemma 119.61 we also compute s + r and then, using 
Lemma [19.51 compute (s + r)l. With the values of (s x r)00 and (s + r)l now known, L cmma Fl 9 . 6 1 allows us 
to compute the value of (s x r)00+(s + r)l. Finally, using the resulting value to specify z in the consequent 
of (|83|) . we achieve success. It is guaranteed by observation (iv). ■ 



19.7 The efficient computability of all explicitly polynomial functions 

By "explicitly polynomial functions" in the title of this subsection we mean functions represented by terms 
of the language of PTA. Such functions are "explicitly polynomial" because they, along with variables, are 
only allowed to use 0, ', + and x. 

Lemma 19.8 For an£!| term t, PTA h |r|<b □ Uz{z = t). 

Proof. We prove this lemma by (meta)induction on the complexity of r. The following Cases 1 and 2 
comprise the basis of this induction, and Cases 3-5 the inductive step. 

Case 1: r is a variable t. In this case the formula |r| < b □ Uz(z=t), i.e. |t| <b □ Uz(z=t), immediately 
follows from the logical axiom t = t by U-Choose and then U -Choose. 

Case 2: t is 0. Then |o| < b □ Uz(z = 0) follows in a single step from Axiom 8 by U -Choose. 

^*In view of Convention 18.11 it is implicitly assumed here that t does not contain z, for otherwise the formula would have 
both bound and free occurrences of z. Similarly, since z is quantified, it cannot be b. 



62 



Case 3: t is 6' for some term 6. By the induction hypothesis, PTA proves 

\6\<b^Uz{z = 6). (84) 
Our goal is to estabhsh the PTA-provabihty of \9'\ <b □ Uz(z = 6''), which is done as follows: 

1. nx{\x'\<bZ}Uy{y = x')) Lemma[T9J] 

2. -^\6\<b^^\6'\<b PA 

3. -<\e\<b ^V^x{\x'\<h^Uy{y = x')) ^^\e'\<\) Weakening: 2 

4. -^\6\<h ^V^x{\x'\<buV^y{y = x')) ^\e'\<buVAz{z = e') u -Choose: 3 

5. s = 6 f\^\s'\<b ^ ^\6'\<b Logical axiom 

6. s = 6 ^^\s'\<b^\6'\<huV^z{z = 6') u -Choose: 5 

7. s = 9 At = s' ^ t^6' Logical axiom 

8. s = e At = s' ^L\z{z = e') U-Choose: 7 

9. s = e AL\y{y = s') ^L\z{z = e') Fl-Introduction: 8 

10. s = eAL\y{y = s')^\e'\<b^L\z{z = e') U -Choose: 9 

11. s = eA{\s'\<b^L\yiy = s'))^\e'\<b^L\z{z = e') n -Introduction: 6,10 

12. s = e A\lx{\x'\<bziL\y{y = x')) ^\e'\<bziL\z{z = e') U-Choose: 11 

13. L\z{z = e) A\lx{\x'\<bZiL\y{y = x')) ^\e'\<b^L\z{z = e') H-Introduction: 12 

14. {\e\<b^L\z{z^e)) A\lx{\x'\<bziL\y{y = x')) ^\e'\<bziL\z{z = e') n -Introduction: 4,13 

15. \e'\<bZiUz{z = e') MP: (mi), 1,14 

Case 4- T is 6*1 +6*2 for some terms 9i and 02- By the induction hypothesis, PTA proves both of the 
following formulas: 

\9i\<bZlUz{z = 9i); (85) 
\e2\<b^Uz{z = 92). (86) 
Our goal is to establish the PTA-provability of j^i + 021 < b □ Uz(z = 6'i +6*2), which is done as follows: 

1. r\xr\y(^\x + y\<b ZlUz{z = x + y)) Lemma fTH^ 

2. -.\9i\<b^^\9i+92\<b PA 

3. -^\9i\<b^\ei+92\<bZiL\z{z = 9i + e2) U -Choose: 2 

-.\9,\<bA{\92\<b^Uz{z = e2))Anxny{\x + y\<b^Uziz = x + y)) ^ , • . 3 
-^\di+92\<b^Uz{z = di+d2) Weakemngs. 3 

5. ^|6l2|<b^^|6ii+6i2|<b PA 

6. ^|6l2|<b^ |6ii+6l2|<bDUz(z = 6li + 6i2) U -Choose: 5 

7. Uz{z = 9i)A^\e2\<bAnxny{\x + y\<bziUz{z = x + y))^\ei+92\<bZiUz(z = 9i+e2) Weakenings: 6 

8. ii =6*1 A ^2 = ^*2 A ^|ti+i2| ^b ^|6'i+6'2| <b Logical axiom 

9. ti=9iAt2 = 02/\^\ti+t2\<b^\9i + 02\<b^\Jz(z = 9i+02) U -Choose: 8 

10. ti=9i At2=92 At = ti+t2 t = 9i + 62 Logical axiom 

11. ti=9i At2=92 At = ti+t2^Uz{z = ei+92) U-Choose: 10 

12. ti=9iAt2=92AL\z{z = ti+t2)^\-\z{z = 9i+e2) n-Introduction: 11 

13. ti=9i At2=92 AUz{z = ti+t2) ^\9i+92\<bziUz{z = 9i+92) u -Choose: 12 

14. ti=9iAt2=92 A {\ti+t2\<b^Uz{z = ti+t2)) ^\9i+92\<bzi\Jz{z = 9i+92) n -Introduction: 9,13 

15. ti=9iAt2^92Anxny{\x + y\<b^Uz{z = x + y))^\9i+92\<b^Uz{z = 9i+92) U-Chooses: 14 

16. Uz(z^eOAUz(z^^2)An.ny(|. + ,|.bDUz(z^. + y)) n-Introductions: 15 
^ |6'i+6'2|<b □ Uz(z = 6'i +6*2) 
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1 6*1 + 6*2 1 < b □ Uz (z = 6*1 + 6*2 ) 

(|0i|.bDUz(z = 0i))A(|e2Nb^Uz(z = 02))A n -Introduction- 4 17 

na;ny(|x + z/|<bDUz(z = a; + y))^|0i+02|<bDUz(z = 0i+02) introduction. 4, 

19. \ei+e2\<b^L\z{z = ei+e2) MP: (I85]),(l86l),l,18 

Case 5: t is 6*1 x 6*2 for some terms 9i and 6*2. Here we only outline a proof/ solution for the target 
|6'i X 021 < b □ Uz(z = 6'i X 02)- Using the induction hypothesis (I55|) and Axiom 9Fi we figure our whether ^?i=0 
or not. If ^1 =0, then 9i x 62 is also 0, and we solve the target by choosing its right component Uz{z = 9i x 6*2) 
and then naming the value of (which is found using Axiom 8) for z. Suppose now 6i^0. Then we do for 
02 the same as what we did for 611, and figure out whether 6*2 = or 02^0- If 6*2 = 0, we solve the target as 
we did in the case 6*1=0. Suppose now 62, just like 9i, does not equal to 0. Note that then the proof given 
in Case 4 goes through for our present case virtually without any changes, only with "x" instead of " + " 
and "Lemma 119.71 ' instead of "Lemma 119.61 ' . Indeed, the only steps of that proof that would be generally 
incorrect for x instead of + are steps 2 and 5. Namely, the formula of step 2 is false when 02 = 0, and the 
formula of step 5 is false when 0i = O. But, in the case that we are considering, these possibilities have been 
handled separately and by now are already ruled out. ■ 



19.8 The efficient computability of subtraction 

The formula of the following lemma, as a computational problem, is about finding the difference z between 
any two numbers x and y and then telling whether this difference is x-y or y-x. 

Lemma 19.9 PTA h r\xr\yUz{x = y + z U y = x + z). 

Proof. As we did in the case of Lemma [19. 71 showing a proof idea or sketch instead of a detailed formal 
proof would be sufficient here. By BSI+ induction on s, we want to prove VAyVAz{s = y + zUy = s + z), from 
which the target formula follows by Fl-Introduction. 

The basis 

UyVAz{0 = y + zUy = Q + z) (87) 

of induction is proven as follows: 

1. t = + t PA 

2. = t + tut = + t u-Choose: 1 

3. Uz{0 = t + zUt^O + z) U-Choose: 2 

4. \lyUz(0 = y + zUy = + z) Fl-Introduction: 3 

The inductive step is 

|sO| < b A PiyVAz{s = y + zUy = s + z) r\yVAz[sQ = y + zUy = sQ + z) n nyUz(sl=?; + z U y = sl + z). (88) 

To prove (|88p . it would be sufficient to prove the following two formulas, from which fM]) follows by n- 
Introduction: 

|sO| <b A nyUz{s = y + zUy = s + z) r\yL\z{sO = y + zUy = sO + z); (89) 

|sO| < b A r\yUz{s = y + z Uy = s + z) r\yUz{sl=y + z Uy = sl + z). (90) 

Let us focus on ((89)) only, as the case with ([90| is similar. (|89|) follows from the following formula by 
□-Introduction: 

|sO| <b A nyL\z{s = y + zU y = s + z)^ Uz{sO = t + zut = s() + z). (91) 

A strategy for the above, which can eventually be translated into a bottom-up PTA-proof, is the following. 
Using Axiom 12, we find the binary predecessor r oit, and also determine whether i = rO or t = rl. 

^^Strictly speaking, Axiom 13 or Lemma 113. 21 will also be needed here to be sure that, if the size of di exceeds b, then 9i ^0. 
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Consider the case of t = rO. Solving (|9ip in this case essentially means solving 

|sO| <b A nyL\z{s = y + z U y = s + z) -^L\z{sO = rO + zUrQ = sO + z). (92) 

We can solve the above by using the second conjunct of the antecedent (specifying ?/ as r in it) to find a w 
such that s = r + w or r = s + w, with "or" here being a choice one, meaning that we will actually know which of 
the two alternatives is the case. Let us say the case is s = r + w (with the other case being similar). From PA 
we know that, if s = r + w, then sO = rQ + wO. So, in order to solve the consequent of (|92l) . it would be sufficient 
to specify z as the value u of wO, and then choose the left U -disjunct sO = rQ + u of the resulting formula. Such 
a u can be computed using Axiom 11: \wO\ < b — \-\x{x = wO), whose antecedent is true because, according to 
the first conjunct of the antecedent of ([5^ . the size of sO — and hence of wO — does not exceed b. 

The remaining case of t = rl is similar, but it additionally requires proving nx(^X7^0ZlL\y{x = y')^ (the 
efficient computability of unary predecessor), doing which is left as an exercise for the reader. ■ 



19.9 The efficient computability of "x's yth bit" 

For a natural numbers n and i — as always identified with the corresponding binary numerals — we will 
write {n)i = for a formula saying that \n\>i and bit #i of n is 0. Similarly for (n)i = l. In either case the 
count of the bits of n starts from rather than 1, and proceeds from left to right rather than (as more 
common in the literature) from right to left. So, for instance, if n ~ 100, then 1 is its bit ^^0, and the Os are 
its bits #1 and #2. 

Lemma 19.10 PTA h nxny{\x\>y ^ {x)y = Ou {x)y = l) . 

Proof. We limit ourselves to providing an informal argument within PTA. The target formula follows 
by ri-Introduction from n2/(|s| >?/ □ (s)y = U (s)j, = l), and the latter we prove by BSI. 
The basis of induction is 

ny(|O|>yD(o), = 0u(o), = l). (93) 

Solving it is easy. Given any y, using Axiom 9, figure out whether y = or y^O. If y = 0, then resolve (j93p by 
choosing {o)y = in it. Otherwise, choose -i|o|>?/. 
The inductive step is 

ny{\s\>y^{s)y = Ou{s)y = l)^ , . 

ny{\sO\>y^{sO)y=Ou{sO)y = l)nny{\sl\>y^isl)y = Ou{sl)y = l). ' 

Solving it is not hard, either. It means solving the following two problems, from which (|94|) follows by first 
applying U-Choose, then Fl-Introduction and then n -Introduction: 

|s|>rD (s),. = Ou (s)^ = l-^ |sO|>rD (sO)r = Ou (sO)r = l; (95) 

\s\>r ^ {s)r = U {s)r = l ^ \sl\>r {sl)r = Ou {sl)r = l. (96) 

To solve ((95)) . wait till the environment selects one of the three U-disjuncts in the antecedent. If {s)r = 
is selected, then select (sO), =0 in the consequent and you are done. Similarly, if (s)r = l is selected, then 
select (sO)r = l in the consequent. Suppose now ^|s|>r is selected. In this case, using Lemma [19.11 find the 
value of \s\ and then, using Lemma 118.31 figure out whether \s\=r or jsj^^r. If |s|=r, then select (sO)r=0 in 
the consequent of ([55]) : otherwise, if |s|5^r, select ^|sO|>r there. 

The problem (|96p is solved in a similar way, with the difference that, where in the previous case we 
selected (sO)r = 0, now (sl)r = l should be selected. ■ 
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20 Two more induction rules 



This section establishes the closure of PTA under two additional variations of the PTI and WPTI rules. 
These variations are not optimal as they could be made stronger nor are they natural enough to deserve 
special names. But these two rules, exactly in their present forms, will be relied upon later in Section 1211 
Thus, the present section is a purely technical one, and a less technically-minded reader may want to omit 
the proofs of its results. 

Lemma 20.1 The following rule is admissible in PTA; 

R E{w) A F{w) \t'\ < h A E{t) A F{t) E{t) A {E{t') n F{t')) 
R/\w<t<T ^ E{t) /\F{t) ' 

where R is any elementary formula, w is any variable, t is any variable other than h, t is any b-term, 
E(t),F(t) are any formulas, E{w) (resp. E(t')) is the result of replacing in E(t) all free occurrences oft by 
w (resp. t'), and similarly for F{w), Fit'). 

Idea. We manage reduce this rule to PTI by taking R A jw + sj < b ^ E{w + s) and R A \w + s\ < b — >■ F{w + s) 
in the roles of the formulas E{s) and F{s) of the latter. ■ 

Proof. Assume all conditions of the rule, and assume its premises are provable, i.e., 

PTAh R^ E{w) A F{w); (97) 

PTAh \t'\<b A E{t) A F{t) ^ E{t) A {E{t') n F{t')) . (98) 

Our goal is to show that PTA \- R Aw <t<T ^ E{t) A F{t). 
Let us agree on the following abbreviations: 

E{s) = R A\w + s\<b ^ E{w + s); F{s) = R A\w + s\<b ^ F{w + s). 

As easily seen, we have 

CL4 ^f = wA{p-^ Piw) A Q{w)) ^{pAq^ P(/)) A (p A g Q(/)) 

and hence, by CL4-Listantiation, 

PTA h w + = w A {R^E{vu) A F{vu)) {R A\w + 0\<b ^ E{w + 0)) A {R A\vu + 0\<b ^ F{uj + 0)). 

The above, together with (IWl) and the obvious fact PA h ■w + = w, by Modus Ponens, yields 

PTA h {RA\w + 0\<b^ E{w + 0)) A {RA\w + 0\<b^ F{w + 0)), 

i.e., using our abbreviations, 

PTA h i?(0) aF(0). (99) 
With a little effort, the following can be seen to be a valid formula of classical logic: 

{\t'\<b Api{t) Aqi{t) ^P2it) Aq2{t')) ^ 

t = w + s— ^ \vu + s'\<b A \vu + s\<b A (w + s)' = w + s' ^> 

(R A \w + s\<b ^ pi{w + s)) A (R A \w + s\<b ^ qi{w + s)) ^ 

(RA\vu + s\<b-^P2iw + s))A[RA\w + s'\<b^q2{w + s')). 

Applying Match four times to the above formula, we find that CL4 proves 

{\t'\< b A Pi{t) A Qi{t) ^ P2{t) A Q2{t')) ^ 

t = w + s^\w + s'\<b A\w + s\<b a{w + s)' = w + s' nnnA 
(RA\w + s\<b^Pi{w + sy]A{RA\w + s\<b'^Qi{w + s))-> ^ ' 

[RA\w + s\<b^P2{w + s))A[RA\w + s'\<b^Q2{w + s')). 

^''For instance, the rule of Lemma 120. II can be easily strengthened by weakening the consequent of its right premise to the 
more PTI-style E{t') PI {F{t') A E(t)), and/or strengthening the antecedent of that premise by adding the conjuncts R and 
to<t<T (on the additional condition that t does not occur in R). 
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Now we claim that 

TTAh s<T^E{s) A F{s). (101) 
Below comes a justification of this claim: 

1. -^\w + s'\<buL\z{z = w + s') Lemma [T??51 

2. -n\w + s'\<b ^ E{s) A F{s) ^ E{s) A (^{R A\w + s'\<b Eiw + s')) n {R A\w + s'\<b Fiw + s'))^ 

CL4-Instantiation, instance oi ^ P A Qi ^ P A ((q Ap^ Q2) n {q Ap^ Qs)) 

3. -n\w + s'\<b-->E{s)AF{s)-^E{s)A{E{s')nF{s')) abbreviating 2 

4. |i;|<b Axiom 13 

5. \v\<b v = w + s' ^ \w + s'\<b A\w + s\<b A (w + s)' = w + s' PA 

6. v = w + s' ^\w + s'\<b A\w + s\<b a{w + s)' = w + s' MP: 4,5 

7. -n\w + s\<buUz{z = w + s) Lemma [TOTSl 

8. ^|w + s|<b^ |ui + .s'|<b A |ui + .s|<b A (w + s)' = w + s'->£;(s) aF(s) ^£;(s) A (£;(s') n l^(s')) 

CL4- Instantiation, instance oi ~>p ^ qi Ap A q2 ^ Q 

{\t'\< b A E{t) A F{t) ^ E(t) A E{t')) ^ 

t = W + S~^\w + s'\<b A\w + s\<b A{w + s)' =W + s' ^ „^ , ^ . . r n-rrr^ 

9. I , ' / \\ f r, I I r n/ \\ CL4-lnstantiation. mstance of fllOOt 
{RA\w + s\<b^E{w + s)\ A{RA\w + s\<b^F{w + s)) ^ ' ^ ^ 



i?A \w + s\<b^E{w + s)) A (i?A |u; + s'|<b-)-£;(w + s')) 

(|t'|<bAi?(i)AF(t)^i?(t)Ai?(<'))^ , . _ , abbreviating 9 

1 = 1^ + 3 -^\w + s'\<b A\w + s\<b a{w + s)' = w + s' ^ E{s) A F{s) E{s) A E{s') 

^^ {\t'\<.bAE{t)AF{t)^Eit)A{Eit')uF[t')))^^ U-Choose:10 
t = w + s ^\w + s'\<b A\w + s\<b a{w + s)' = w + s' E{s) aF{s) ^ E{s) aE{s') 
(|t'| < b A E{t) A F{t) ^ E{t) A F{t')) ^ 

t = w + s ^ \w + s'\<b A\w + s\<b A (w + s)' = w + s' ^ . ^ . . , r jttttti, 
12. /„ I , ' , N\ I I , \\ CL4-Instantiation. mstance ot (IIOOII 
(i? A |w + s| < b i?(ti; + s)) A (i? A |w + s| <b ^ i^(w + s)) ^> ^ ' 

[RA\w + s\<b -^E{w + s)) A [R A\w + s'\<b -^F{w + s')) 

^3 {\t'\<bAE{t)AF{t)^Eit)AFit'))^ . . . , abbreviating 12 

t = w + s^\w + s'\<b A\w + s\<b a{w + s)' = w + s' ^ E{s) A F{s) -5> E{s) A F{s') 

^^ {\t'\<.bAEit)AFit)^Eit)AiEit')nFit')))^^ u_Choose: 10 

t = w + s~¥\w + s'\<b A\w + s\<b a{w + s)' = w + s' ^ E{s) A F{s) -s> E{s) A F{s') 

(\t'\< b A E{t) A F{t) ^ E{t) A {E(t') n ^ 

15. i = u; + s->|w + s'|<bA|w + s|<bA(w + s)' = t(; + s'^ n -Introduction: 11,14 
E{s) A F{s) ^ £;(s) A {E{s') n F(s')) 

16. t = w + s^\w + s'\<bA\w + s\<bA{w + s)' = w + s'-^E{s)AF{s)^Eis) A {E{s') n F{s')) MP: ([551.15 

\-\z{z = w + s)^ . 

\w + s'\<bA\w + s<b\A{w + s)' = w + s' ^E{s)AF{s)^E{s)A{E{s')nF{s')) ' '-introduction: lb 

18. |w + s'|<b A \w + s\<b a{w + s)' = w + s' E{s) aF{s) ^ E{s) A {E{s') n F{s')) U -Elimination: 7,8,17 

19. v = w + s' ^E{s)AF{s)~,E{s)A{E{s')nF{s')) TR: 6,18 

20. L\z{z = w + s')^E{s)AF{s)^E{s)A{E{s')nF{s')) H-Introduction: 19 

21. E{s)AF{s)~^E{s)A{E{s')nF{s')) U -Elimination: 1,3,20 

22. E{s)A{E{s')nF{s'))^E{s')n{F{s')AE{s)) CL4-Instantiation 

23. Eis) AF{s)^E{s')n{F{s') aE{s)) TR: 21,22 

24. s<T^E{s) aF{s) PTI: (IMl), 23 
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The following is a disabbreviation of (|10ip : 



PTA h s<r ^ 



{RA\w + s\<b ^ E{w + s)) A {RA\w + s\<b ^ F{w + s)). 



It is easy to see that, by CL4-lnstantiation, we also have 



PTA h ^s<T-i>(i?A|w + s|<b^> E{w + s)) A [R A\w + s\<b ^ F{w + s))j 
s<T aRa \w + s\<b ^ E{w + s) aF{w + s). 



Hence, by Modus Ponens, 



PTA h s<T A Ra \w + s\<b E{w + s) aF{w + s). 



(102) 



Now, the following sequence is an PTA- proof of the target formula R Aw<t<T ^ E{t) A F{t), which 
completes our proof of the present lemma: 

1. nxnyL\z{x = y + zUy = x + z) Lemma ll9.9l 

2. L\z{w = t + z Ut = w + z) ri-Elimination (twice): 1 

3. s = OUs?^0 Axioms 

4. 3 = 0-^ {w = t + s^t = w) PA 

5. {R^ E{w) aF{w)) {w = t + s^t = w) {w = t + s ^ R ^ E{t) A F{t)) CL4-Instantiation 

6. {w = t + s~^t = w)^{w^t + s^R^E{t)AF{t)) MP: (I97l),5 

7. s = 0~>w = t + s^R^E{t)AF{t) TR: 4,6 

8. s = 0^ w = t + s ^ RA'w<t<T ^ E{t) A F{t) Weakening: 7 

9. s^O^ w = t + s ^ ^'w<t<T PA 

10. s^O ^w = t + s ^ R Aw<t<T ^ E{t) AF{t) Weakenings: 9 

11. w = t + s^RA'w<t<T^E{t) AF{t) U -Elimination: 3,8,10 

12. \t\<b Axiom 13 

13. t = W + S AW<t<T ^ S<T PA 



15. t = w + s^RAw<t<T^E{t) AF{t) MP: 12,13, Uni, 14 

16. w = t + sut = w + s R Aw<t<T ^ E{t) AF{t) n -Introduction: 11,15 

17. Uz{w = t + zUt = w + z)-^RAw<t<T -^E{t) AF{t) Fl-lntroduction: 16 

18. RAw<t<T^E(t) AF(t) MP: 2,17 ■ 

Lemma 20.2 The following rule is admissible in PTA; 

R^F{w) RAw<t<TAF{t)^F{t') 
RAw<t<T^ F{t) ' 

where R is any elementary formula, w is any variable, t is any variable not occurring in R and different 
from b, F{t) is any formula, r is any b-term, and F{w) (resp. F{t')) is the result of replacing in F{t) all 
free occurrences of t by w (resp. t' ). 

Idea. This rule can be reduced to the rule of Lemma [20.11 by taking T and R Aw<t<T ^ F{t) in the 
roles of E{t) and F{t) of the latter, respectively. ■ 

ProoL Assume all conditions of the rule, and assume its premises are provable, i.e.. 



14. 



\t\<b A {t = w + s Aw<t<T s<t) A {s<T A RA\w + s\<b ^ E{w + s) A F{w + s)) 
^t = w + s ^ RAw<t<T ^ E{t) AF{t) 



CL4- Instantiation 



PTA h R^F{w); 



(103) 
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PTA \- RAw<t<TAF{t)^F{t'). 



(104) 



Our goal is to show that PTA h RAw<t<T ^ F{t). 
Let us agree on the following abbreviation: 



F{t) 



RAw<t<T^F{t). 



From (|103p . by Weakening, we have 



PTA h R^F{w). 



(105) 



We now claim that 



PTAh \t'\<b AT AF{t)^T A{TnF{t')). 



(106) 



This claim is justified a follows: 

1. -n\t'\<buUz{z = t') LemmalHH 

2. \w\ < b Axiom 13 

3. \w\<b ^ ^\t'\<b ^ t' T^w Logical axiom 

4. -.\t'\<b^t'^w MP: 2,3 

5. -^\t'\<b~^t' = wut'^w U -Choose: 4 

6. nx\~\y{y = x Uy^x) Lemma [18.31 

7. r = wUr^w Fl-Elimination (twice): 6 

8. r = w^r = t'^t' = w Logical axiom 

9. r = 'w ^r = t' ^t' = wut' T^w U-Choose:8 

10. r^w ^ r = t' ^t' *w Logical axiom 

11. ri^w ^r = t' ^t' =wut' i^w U-Choose: 10 

12. r = t' ^t' = wut'^w U -Elimination: 7,9,11 

13. L\z{z = t') ^t' = wut'^w ri-Introduction: 12 

14. t'=wut'^w U -Elimination: 1,5,13 

15. {R^F{w)) ^t' = w^{R^F{t')) CL4-Instantiation 

16. t'=w^{R^F{t')) MP: (Iin31),15 

17. t'=w^{RAw<t<T^F{t)) ^{RAw<t'<T^F{t')) Weakenings: 16 

18. t' ^ {w<t' <T ^W<t<T AW<t<T) PA 

{RAw<t<T AF{t)^F{t')) ^ 

{w<t' <T ^W<t<T AW<t<T) ^ {RAW<t<T ^ F{t)) [R AW<t' <T Fit')) 

CL4-Instantiation, instance oi {q Aps A P ^ Q) ^ {pi ^ p2 Aps) {q Ap2 ^ P) ^ {q Api ^ Q) 

20. {w<t'<T^w<t<T Aw<t<T)^ {RAw<t<T^F{t)) {RAw<t'<T^F{t')) MP: (fT04l) .19 

21. t'^w^{RAw<t<T^F{t))^{RAw<t'<T^F(t')) TR: 18,20 

22. {RAw<t<T^F{t)) ^ {RAw<t'<T^F{t')) U -Elimination: 14,17,21 

23. F{t)^F{t') abbreviating 22 

24. \t'\<b AT A F{t)^F{t') Weakenings: 23 

25. F{t') ^T A{Tn F{t')) CL4-Instantiation 

26. \t'\<b AT A F{t) ^T A{Tn F{t')) TR: 24,25 

From pUS)) and pUS|) . by the rule of Lemma [^ITTl we get PTA h R Aw<t<T ^T A F{t). Of course (by 
CL4-Instantiation) PTA h T AF(t) ^ F{t), so, by Transitivity, PTA \- RAw<t<T ^ F(t). Disabbrevi- 
ating the latter, we thus have 



PTA \- RAw<t<T^RAw<t<T^F{t). 
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We also have 

PTA h {RAw<t<T ^ RAw<t<T ^ F{t)) {RAw<t<T^F{t)) 

(the above formula is an instance of the obviously CL4-provable {p ^ p ^ Q) {p Q)). So, by Modus 
Ponens, we find that PTA proves the desired R A w <t<T F{t). ■ 

21 The extensional completeness of PTA 

This section is devoted to proving the completeness part of Theorem 112.31 It means showing that, for any 
arithmetical problem A that has a polynomial time solution, there is a theorem of PTA which, under the 
standard interpretation, equals ("expresses") A. 

So, let us pick an arbitrary polynomial-time-solvable arithmetical problem A. By definition, A is an 
arithmetical problem because, for some formula X of the language of PTA, A ~ X'' . For the rest of this 
section, we fix such a formula 

X, 

and fix 

X 

as an HPM that solves A (and hence X^) in polynomial time. Specifically, we assume that X runs in time 

where ^(b), which we also fix for the rest of this section and which sometimes can be written simply as ^, is 
a b-term (a term containing no variables other than b). 

X may not necessarily be provable in PTA, and our goal is to construct another formula X for which, 
just like for X, we have A = and which, perhaps unlike X , is provable in PTA. 

Remember our convention about identifying formulas of ptarithmetic with (the games that are) their 
standard interpretations. So, in the sequel, just as we have done so far, we shall typically write E,F, . . . to 
mean either E,F, . . . or E\F\ . . .. Similar conventions apply to terms as well. In fact, we have just used 
this convention when saying that X runs in time ^. What was really meant was that it runs in time . 

21.1 Preliminary insights 

Our proof is long and, in the process of going through it, it is easy to get lost in the forest and stop seeing it 
for the trees. Therefore, it might be worthwhile to try to get some preliminary insights into the basic idea 
behind this proof before venturing into its details. 

Let us consider the simplest nontrivial special case where X is 

Y{x)uZ{x) 

for some elementary formulas y{x) and Z(x) (perhaps Z{x) is -^Y{x)^ in which case X expresses an ordinary 
decision problem — the problem of deciding the predicate Y[x)). 

The assertion "^Y does not win X in time ^" can be formalized in the language of PA through as a certain 
formula L. Then we let the earlier mentioned X be the formula 

(y(x)vL) u(Z(x)vL). 

Since X does win game X in time ^, L is false. Hence Y{x) vL is equivalent to Y{x), and Z{x) vL is 

equivalent to Z[x). This means that X and X, as games, are the same, that is, x'^ = X"^ . It now remains 
to understand why PTA h X. 

A central lemma here is one establishing that the work of X is ^'provably traceable" . Roughly, this means 
the provability of the fact that, for any time moment t <^(b), we can tell ("can tell" formally indicated with 
U or U applied to the possible alternatives) the state in which X will be, the locations of its three scanning 
heads, and the content of any of the cells of any of the three tapes. Letting X work for ^(b) steps, one of 
the following four eventual scenarios should take place, and the provable traceability of the work of X can 
be shown to imply that PTA proves the U -disjunction of formulas describing those scenarios: 
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Scenario 1: X makes the move (and no other moves). 
Scenario 2: X makes the move 1 (and no other moves). 
Scenario 3: X does not make any moves. 

Scenario 4: X makes an illegal move (perhaps after first making a legal move or 1). 

In the case of Scenario 1, the play over X hits Y{x) vL. And PTA — in fact, PA — proves that, in 
this case, Y{x) V L is true. The truth of Y{x) V L is indeed very easily established: if it was false, then Y{x) 

should be false, but then the play of X over X (which, as a game, is the same as X) hits the false Y{x) and 
hence is lost, but then L is true, but then Y{x) vL is true. Thus, PTA h {Scenario 1) -^Y{x) vL, from 
which, by u -Choose, PTA h {Scenario 1) X. 
The case of Scenario 2 is symmetric. 

In the case of Scenario 3, (PTA proves that) X loses, i.e. L is true, and hence, say, Y{x) V L (or 
Z(a;) vL if you like) is true. That is, PTA h {Scenario 3) ^Y{x)\/'L, from which, by u -Choose, PTA h 
{Scenario 3) — > X. 

The case of Scenario 4 is similar. 

Thus, for each i G {1, 2, 3, 4}, PTA h {Scenario i) ->■ X. And, as we also have 

PTA I- {Scenario 1) U {Scenario 2) U {Scenario 3) U {Scenario 4), 

by U -Elimination, we find the desired PTA h X. 

The remaining question to clarify is how the provable traceability of the work of X is achieved. This 
is where PTI comes into play. In the roles of the two formulas E and F of that rule we employ certain 
nonelementary formulas E and F. With t being the "current time" , E{t) is a formula which, as a resource, 
allows us to tell ( u or U) the current state of X, and ( A ) the locations of its three heads, and ( A ) the 
contents of the three cells under the three heads. And ¥{t) allows us, for any (□) cell of any ( A ) tape, to 
tell ( U ) its current content. 

In order to resolve F(t') — that is, to tell the content of any (□) given cell #c at time t + 1 — all we 
need to know is the state of X, the content of cell =ffc, the locations of the scanning heads (perhaps only one 
of them), and the contents of the three cells scanned by the three heads at time t. The content of cell #c at 
time t can be obtained from (a single copy of) the resource F(f), and the rest of the above information from 
(a single copy of) the resource E{t). PTA is aware of this, and proves E{t) A ¥{t) -^> ¥{t'). 

Similarly, it turns out that, in order to resolve K{t'), a single copy of E{t) and a single copy of ¥{t) are 
sufficient, and PTA, being aware of this, proves ¥{t) A ¥{t) — >• E{t'). 

The above two provabilities, by n -Introduction, imply PTA h ¥{t) A¥{t) ^E{t') n¥{t'). This is al- 
most the inductive step of PTI. What is missing is a A -conjunct E{t) in the consequent. Not to worry. 
Unlike ¥{t), E{t) is a recyclable resource due to the fact that it does not contain n or □ (albeit it 
contains U,U). Namely, once we learn — from the antcccdcntal resource E{t) about the state of 
X, the locations of the three scanning heads and the cell contents at those locations at time t, we can 
use/recycle that information and "return/resolve back" E{t) in the consequent. A syntactic equivalent 
— or rather consequence — of what we just said is that the provability of E{t) A¥{t) ->E(t') n¥{t') im- 
plies the provability of E{t) A¥{t) {E{t') n¥{t')) AE{t), and hence also the provability of the weaker 
E{t) A ¥{t) ^ E{t') n (F(t') A E{t)) . 

Thus, PTA h E{t) A¥{t) ^E{t')n {¥{t') AE{t)). We also have PTA h E(0)aF(0), as this for- 
mula is essentially just a description of the initial configuration of the machine. Then, by PTI, PTA h 
t<£_{b) — ^ E{t) A ¥{t). This is exactly what we meant by the provable traceability of the work of X. 

The above was about the pathologically simple case of X = Y{x) uZ{x), and the general case will be 
much more complex, of course. Among other things, provable traceability would have to account for the 
possibility of the environment making moves now and then. And showing the provability of X would require 
a certain mctainduction on its complexity, which we did not need in the present case. But the idea that 
we have just tried to explain would still remain valid and central, only requiring certain — nontrivial but 
doable — adjustments and refinements. 
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21.2 The overline notation 



Throughout the rest of this seetion, we assume that the formula X has no free; oeeurrences of variables other 
than b. There is no loss of generality in making such an assumption, because, if X does not satisfy this 
condition, it can be replaced by the both semantically and deductively equivalent Fl-closure of it over all free 
variables different from h. 

We shall sometimes find it helpful to write X as 

X{b). 

When, after that, writing X{h) (where & is a constant), one should keep in mind that it means the result 
of substituting b by b in X{h) not only where we explicitly see b, but also in choice quantifiers □ and U, 
which, as we remember, are lazy ways to write and U''. So, for instance, if X{h) is \AxE{x) and c^b, 
then X{c) is not the same as X{b) even if b does not occur in E{x), because the former is \-i''xE{x) and the 
latter is U^xE{x). The same applies to any formula written in the form F{b, . . .), of course. 

Let us say that a formula is safe iff no two occurrences of quantifiers in it bind the same variable. For 
simplicity and also without loss of generality, we further assume that the formula X is safe (otherwise make 
it safe by renaming variables). 

Since X has no free variables other than b, for simplicity we can limit our considerations to valuations 
that send every non-b variable to 0. We call such valuations standard and use a special notation for them. 
Namely, for an integer b, we write 

for the valuation such that eb(b) — b and, for any other variable v, eb{v) — 0. 

By a politeral of a formula we mean a positive occurrence of a literal in it. While a politcral is not 
merely a literal but a literal L together with a fixed occurrence, we shall often refer to it just by the name 
L of the literal, assuming that it is clear from the context which (positive) occurrence of L is meant. 

We assume that the reader is sufficiently familiar with Godel's technique of encoding and arithmetizing. 
Using that technique, we can construct a sentence 

L 

of the language of PA which asserts — more precisely, implies — "Af does not win X in time ^" . 

Namely, let Ei{b,x), . . . , En{b, x) be all subformulas of X, where all free variables of each Ei{b, x) are 
among b,x (but not necessarily vice versa). Then the above sentence L is a natural formalization of the 
following statement: 

"There is a (finite) run T generated by X on some standard bounded valuation eb such that: 

1. T's time in V is not smaller than ^(6), or 

2. T is a T -illegal run of X{b), or 

3. r is a legal run of X{b) and there is a tuple c of constants (c of the same length as x) such 
that: 

• {T)X{b) = Ei{b,c), and we have -i\\Ei{b, c)\\ (i.e., \\Ei{b,c)\\ is false), 

• or . . ., or 

• {r)X{b) = En{b,c), and we have -i\\En(b, c)\\ (i.e., \\En{b,c)\\ is false)." 

As we remember, our goal is to construct a formula X which expresses the same problem as X does and 
which is provable in PTA. For any formula E — including X — we let 

E 

be the result of replacing in E every politeral L by L V L. 

Lemma 21.1 Any literal L is equivalent (in the standard model of arithmetic) to LvL. 
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Proof. That L implies L V L is immediate, as the former is a disjunct of the latter. For the opposite 
direction, suppose L vL is true at a given valuation e. Its second disjunct cannot be true, because X does 
win X in time ^, contrary to what L asserts. So, the first disjunct, i.e. L, is true. ■ 



Lemma 21.2 For any formula E, including X , we have — E . 

Proof. Immediately from Lemma 121.1 1 by induction on the complexity of E. ■ 

In view of the above lemma, what now remains to do for the completion of our completeness proof is to 
show that PTA h X. The rest of the present section is entirely devoted to this task. 

21.3 This and that 

Lemma 21.3 For any formula E, PTA h L ^ i?. 

Idea. E is a logical combination of "quasipoliterals" of the form L V L. Under the assumption (of 
the truth of) L, each such quasipoliteral becomes true and, correspondingly, E essentially becomes a logical 
combination of Ts. Any such combination is very easy to solve/prove. ■ 

Proof. We prove this lemma by induction on the complexity of E. 

If E has the form E[Hi U . . . U i?„], then, by the induction hypothesis, PTA h L — )« E[Hi]. From here, 
by U -Choose, we get the desired PTA h L E[Hi U . . . U i7„]. 

Quite similarly, if E has the form E[UxH{x)], then, by the induction hypothesis, PTA h E[H(v)] 
(for whatever variable v you like). From here, by U-Choose, we get PTA h L— >• E[UxH{x)]. 

Now assume E has no surface occurrences of U - and U-subformulas. The formula ||i?|| is a ( A , V , V, 3)- 
combination of Ts (originating from n - and Fl-subformulas when elementarizing E) and formulas i V L 
(originating from L when transferring from E to E) where L is a politeral of E. T is true. If L is true, then 
each L V L is also true no matter what the values of the variables of L are (if L contains any variables at 
all). Therefore, clearly, \\E\\, as a ( A , V , V, 3)-combination of (always) true formulas, is true. Formalizing 
this argument in PA and hence in PTA yields PTA h L ^> ||i5||, which, taking into account that L is an 
elementary formula and hence L = ||L||, is the same as to say that 

PTA h ||L^;b||. (107) 

Suppose E has the form E[Hi n . . . n i7„]. Then, by the induction hypothesis, PTA proves L — E[Hi] 
for each i E {1, . . . ,n}. Similarly, suppose E has the form E[nxH{x)]. Let ?; be a variable different from 
b and not occurring in E[nxH{x)]. Then, again by the induction hypothesis, PTA proves h ^ E[H{v)]. 
These observations, together with ()107|) . by Wait, yield the desired PTA \-h^ E. ■ 

We shall say that a run generated by the machine X is prompt iff ±'s time in it is 0. In a prompt 
run, the environment always reacts to a move by X instantaneously (on the same clock cycle as on which X 
moved), or does not react at all. An exception is clock cycle ^0, on which the environment can move even if 
X did not move. Such runs are convenient to deal with, because in them T's time equals the timestamp of 
the last move. And this, in turn, means that no moves by either player are made at any time greater or equal 
to ^{b), where b is the value assigned to b by the valuation spelled on the valuation tape of the machine. 

By our assumption, X wins X (in time ^), meaning that every run F generated by A" on a bounded 
valuation e is a T-won run of e[X], including the cases when F is prompt and e is standard. This allows us 
to focus on prompt runs and standard valuations only. Specifically, we are going to show that X is provable 
because X wins (in time ^) every prompt run of X on every standard bounded valuation. 

Further, for our present purposes, environment's possible strategies can be understood as (limited to) 
fixed/predetermined behaviors seen as finite sequences of moves with non-decreasing timestamps. Let us 
call such sequences counterbehaviors. The meaning of a counterbehavior 

{{ai,ti), {a2,t2), . . . , {an,tn)) 
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is that the environment makes move ai at time ti, move a2 at time t2, ■ ■ ■ , move q;„ at time If two 
consecutive moves have the same timestamp, the moves are assumed to be made (appear in the run) in the 
same order as they are hsted in the counterbehavior. 

Given a standard valuation e and a counterbehavior C — ((ai, ti), . . . , (a„, tn)), by the (C, e)-branch 
we mean the e-computation branch of X where the environment acts according to C — that is, makes move 
tti at time ti, . . . , move a„ at time And the (C, e)-run is the run spelled by this branch. 

For natural numbers b and d, we say that a counterbehavior C is (6, (i)-adequate iff the following three 
conditions are satisfied: 

1. the (C, ef,)-run is not a _L-illegal run of X{b); 

2. the (C, ef,)-run is prompt; 

3. the timestamp of the last move of C (if C is nonempty) is less than d. 

Thus, "C is (6, (i)-adequate" means that, using this counterbehavior against X with on the valuation tape 
of the latter, the environment has played legally (condition 1), acted fast/promptly (condition 2), and made 
all (if any) moves before time d (condition 3). 

Just as any finite objects, countcrbchaviors can be encoded through natural numbers. The code (Godel 
number) of an object O will be denoted by 

Under any encoding, the size of the code of a counterbehavior of interest will generally exceed the value of 
b. But this is not going to be a problem as we will quantify counterbehaviors using blind rather than choice 
quantifiers. 

For convenience, we assume that every natural number is the code of some counterbehavior. This allows 
us to terminologically identify counterbehaviors with their codes, and say phrases like "a is a (5, d)-adequate 
counterbehavior" — as done below — which should be understood as "Where C is the counterbehavior 
with a = '~C~', C is (6, d)-adequate" . Similarly, "the (a, e)-branch" (or "the (a, e)-run") will mean "the 
(C, e)-branch (or (C, e)-run) where C is the counterbehavior with a = '"C^" . 

Let E = E(b^s) he a, formula all of whose free variables are among b, s (but not necessarily vice versa). 
We will write 

W^(z,ti,t2,b,s) 

to denote an elementary formula whose free variables are exactly (the pairwise distinct) z,ti,i2,b,s, and 
which is a natural arithmetization of the predicate which, for any constants a, di, d2,b, c, holds — that is, 
W^(a, di,d2,b,c) is true — iff the following conditions are satisfied: 

• 0<di<d2<^{b); 

• a is a (6, c?i)-adequate counterbehavior; 

• where <& is the initial segment of the (a, e;,)-run obtained from the latter by deleting all moves except 
those whose timestamps are less than di, <I> is a legal position of E{b,c); 

• for the above $, we have {^)X{b) — E{b, c), and PA proves this fact; 

• either di = 1 or, in the (a, eb)-branch, X has made some move at time di~l (so that the effect of that 
move first took place at time di); 

• for any k with di<k<d2, no move is made at time k (i.e. no move has the timestamp k) in the 
(a, eb)-run. 

Thus, in the context of the (a, e;,)-branch, W^{a,di,d2,b,c} says that, exactly by time dil^ the play 
has hit the position E{b,c), and that this position has remained stable (there were no moves to change it) 
throughout the interval [di, ^2]. It does not rule out that a move was made at time ^2 but, as we remember, 
the effect of such a move will take place by time d2 + 1 rather than ^2. 

■^^Only considering nonzero times in this context. 
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It may be worthwhile to comment on the meaning of the above for the special case where t2 is £,{b). 
Keeping in mind that X runs in time ^(b), the formula 

w^(z,t,e(b),b,s), 

for any given values a, d, 6, c for z, t, h, s, asserts — or rather implies — that, in the scenario of the (a, Cf,)- 
branch, at time d, the play (position to which X has evolved) hits E{b, cj and remains stable ever after, so 
that E{b, c) is the final, ultimate position of the play. 

We say that a formula E or the corresponding game is critical iff one of the following conditions is 
satisfied: 

• E is sl U - or U-formula; 

• E is MyG or 3j/G, and G is critical; 

• _B is a V -disjunction, with all disjuncts critical; 

• E is a A -conjunction, with at least one conjunct critical. 

The importance of the above concept is related to the fact that (PA knows that) a given legal run of X 
is lost by X if and only if the eventual formula/position hit by that run is critical. 

Lemma 21.4 Assume E — E{b,s) is a non-critical formula all of whose free variables are among b,s. 
Further assume d,UJ,ip f^f^ '^^V terms (tp of the same length as s), and z is a variable not occurring in these 

terms or in E. Then 

PTA h 3zW'^[z,e,£,{Lo),Lo,^)^\\E{uj,^)\\. 

Idea. The antecedent of the above formula implies that some run of X generated by X yields the 

non-critical eventual position E{uj,4')- If ll^(<^j'0)ll is true, then so is ||i?(a;, '0)||- Otherwise, if ||i?(a;, -i/;)!! is 
false, X has lost, so L is true. But the truth of the formula L, which is disjuncted with every politeral of 
i?(w,-0), easily implies the truth of ||i?(aj, ■(/;)||. This argument is formalizable in PA. ■ 

Proof. Assume the conditions of the lemma. Argue in PA. Consider arbitrary values of 6, uj, ip, 
which we continue writing as 6, uj, ijj. Suppose, for a contradiction, that the ultimate position — that is, 
the position reached by the time ^(w) — of some play of X over X is i?(w, ip) (i.e., 3zW^(z, 6, ^(cj), cj, ip) is 

true) but ||i?(w, -0)11 is false. The falsity of ||i?(w, -0)11 implies the falsity of ||i?(a;, i/')!!- This is so because the 
only difference between the two formulas is that, wherever the latter has some politeral L, the former has a 
disjunction containing L as a disjunct. 

But ending with an ultimate position whose elementarization is false means that X does not win X in 
time ^ (remember Lemma l9.3p . In other words, 

L is true. (108) 

Consider any non-critical formula G. By induction on the complexity of G, we are going to show that 
||G|| is true for any values of its free variables. Indeed: 

If G is a literal, then ||G|| is G V L which, by ()108|) . is true. 

If G is i/i n ... n Hn or T\xH{x), then ||G|| is T and is thus true. 

G cannot he HiU ... U Hn or 'l\xH{x), because then it would be critical. 

If G is VyH{y) or 3yH{y), then ||G|| is Vj/||i?(j/)|| or 3y\\H{y)\\. In either case ||G|| is true because, by 
the induction hypothesis, (2/)|| is true for every value of its free variables, including variable y. 

li G is Hi A ... A Hn, then the formulas Hi, ... , Hn are non-critical. Hence, by the induction hypothesis, 
\\Hi\\, . . . , \\Hn\\ are true. Hence so is A ... A \\Hn\\ which, in turn, is nothing but ||G||. 

Finally, if G is HiV ... V Hn, then one of the formulas Hi is non-critical. Hence, by the induction 
hypothesis, \\Hi\\ is true. Hence so is \\Hi\\ V ... V \\Hn\\ which, in turn, is nothing but ||G||. 

Thus, for any non-critical formula G, ||G|| is true. This includes the case G — E{uj,'ip) which, however, 
contradicts our earlier observation that ||i?(a;, ?/;)|| is false. ■ 
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Lemma 21.5 Assume E = E{b, s) is a critical formula all of whose free variables are among b, s. Further 
assume O^UJ^ip are any terms (ip of the same length as s), and z is a variable not occurring in these terms 

or in E. Then 

PTA V- 3zW^(z, e, uj, i^) -> E{uj, 

Proof. Assume the conditions of the lemma. By induction on complexity, one can easily see that the 
elementarization of any critical formula is false. Thus, ||i?(a;, '0)1| is false. Arguing further as we did in the 
proof of Lemma [21.41 when deriving (|108p . we find that, if 3zW^(z, 9,£^{uj), lo, ip) is true, then so is L. And 
this argument can be formalized in PA, so that we have 

PTA h- 3zW^(z, 9, ^{uj), uj, if) ^ L. 
The above, together with Lemma [2l.3[ by Transitivity, implies PTA h 3zW^(z, 6, ^{oj), oj, V) E{u}, tp). ■ 



21.4 Taking care of the case of small bounds 

\£,{b)\ is logarithmic in b and hence, generally, it will be much smaller than b. However, there are exceptions. 
For instance, when b = 1 and ^(b) = b + b, the size of ^(b) is 2, exceeding b. Such exceptions will only occur 
in a finite number of cases, where b is "very small". These pathological cases — the cases with -i|^(b)|<b 
— require a separate handling, which we present in this subsection. The main result here is Lemma 121.111 
according to which PTA proves -i|^(b)|<b— >-X, i.e. proves the target X on the assumption that we are 
dealing with a pathologically small b. The remaining, "normal" case of \^{b)\ < b will be taken care of later 
in Subsection l21.6l 

For a natural number n, by the formal numeral for n, denoted n, we will mean some standard variable- 
free term representing n. For clarity, let us say that the formal numeral for zero is 00, the formal numeral 
for one is 01, the formal numeral for two is 010, the formal numeral for three is Oil, the formal numeral for 
four is OlOO, etc. 

The above-mentioned provability of-i|^(b)|<b^>X will be established through showing (Lemma 121. lOp 
that, for each particular positive integer b, including all of the finitely many 6's with <b, PTA proves 

b = b^ X. But we need a little preparation first. 

Lemma 21.6 Let r be any variable, b any positive integer, and N the set of all natural numbers a with 
\a\<b. Then 

PTAh b = &^ u{r = a \ aeN}. 

Idea. On the assumption b = b and due to Axiom 13, PTA knows that, whatever r is, its size cannot 
exceed b. In other words, it knows that r has to be one of the elements of N. The main technical part of 
our proof of the lemma is devoted to showing that this knowledge is, in fact, constructive, in the sense that 
PTA can tell exactly which ( U ) element of N the number r is. ■ 

Proof. Assume the conditions of the lemma. Obviously we have 

PA h |r|<b^b = 6^ V {r = a \ a € N}, 
modus-ponensing which with Axiom 13 yields 

PTA h b = 6^ V{r = a 1 a G iV}. (109) 
Next, consider any a G N. We claim that 

PTA h b = &^r = aur^a, (110) 

which is justified as follows: 

1. -.|a| <b U Uz(z = a) Lemma [WM 
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2. -.\a\<b^bA PA 

3. -^\a\<b-^ {b = b^L\z{z = a)) Weakening: 2 

4. Uz(z = a) — ^ (b = 6 — s> Uz(z = a)) CL4-Instantiation, instance of P (g P) 

5. b = b —)-\-\z{z = a) U -Elimination: 1,3,4 

6. nxny{y = xUy^x) Lemma 118.31 

7. s = rLls^r Fl-Elimination (twice): 6 

8. s = r s = a ^ r = a Logical axiom 

9. s = r s = a ^ r = aLlr^a U-Choose: 8 

10. S9^r ^ s^a^ TT^a Logical axiom 

11. s^r^.s^a^r = aUr^a U -Choose: 10 

12. s = a ^ r = dLir^a U -Elimination: 7,9,11 

13. L\z{z^a) ^ r = dur^a Fl-Introduction: 12 

14. b = b^r==dur^a TR: 5,13 

Now, with a little thought, the formula 

{b = b^ V{r = a | a e N}) A A {b = b^ r = dUr7^d \ a e N} ^ {b = b^ u{r = a \ a E N}) 

can be seen to be provable in CL3 and hence in PTA. Modus-ponensing the above with (|109p and (|110p 
yields the desired PTA h b = b-i- U {r = a \ a € N}. ■ 

Lemma 21.7 Let r be any variable, b any positive integer, and E{r) any formula. Assume that, for each 
natural number a with \a\<b, PTA ^ E{a). Then PTA hb^b^E{r). 

Proof. Assume the conditions of the lemma. Let N be the set of all numbers a with |a|<6. Consider 
any a E N. Clearly, by CL4-Instantiation, PTA h E{a) ^ r = a ^ E{r). Modus-ponensing this with the 
assumption PTA h E{a) yields PTA h r = a ^ E{r). This holds for all a e N, so, by n -Introduction, 
PTA h U{r = a | a e Nj-^E^r). But, by Lemma \TL6\ PTA h b = b->- u{r = a \ a G N}. Hence, by 
Transitivity, PTA h b = 6 ^ E{r). ■ 

Below and elsewhere, for a tuple c = Ci,...,Cn of constants, c stands for the tuple ci, . . . , Cn. 

Lemma 21.8 Assume E = E[b, s) is a formula all of whose free variables are among b, s, b is any positive 
integer, and a,di,d2,c are any natural numbers (c of the same length as s). Then W^{a,di,d2,b,c) is true 
iff it is provable in PA. 

Proof. PA only proves true sentences. PA is also known to prove all "mechanically verifiable" (of 
complexity to be precise) true sentences such as W^(a, di, ^2, 6, c) is if true. ■ 



Lemma 21.9 Under the conditions of Lemma \21.8\ ifW^{a,di,d2,b,c) is true, thenPTA h b = b ^ E{b,c). 

Idea. In the context of the (a, eh)-branch, the assumptions of the lemma imply that, at some (di) point, 
the play hits the position E(b, cj. X may or may not make further moves to modify this position. 

If a move is made, it brings us to a new position expressed through a simpler formula, from which E{b, c) 
follows by n -Choose or Fl-Choose. This allows us to apply the induction hypothesis to that formula, and 

then find the provability of b =5 — s> i?(6, c) by the corresponding Choose rule. 

Suppose now no moves are made, so that the play ends as E{b,c). This position has to be non-critical, 
or otherwise X would be the loser. Then Lemmas 121.41 and 121.81 allow us to find that the elementarization 
of the target formula is provable. Appropriately manipulating the induction hypothesis, we manage to find 
the provability of all additional premises from which the target formula follows by Wait. ■ 
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Proof. Our proof proceeds by induction on the complexity of E{b,s). Assume W^{a,di,d2, b,c) is 
true. We separately consider the following two cases. 

Case 1: W^(a, di, ^(6), &, c) is not true. On the other hand, by our assumption, W^(d, di, ^2, b, c) is true. 
The latter implies that, in the (a, efc)-branch, the play reaches (by time di) the position c) which persists 
up to time d2] and the former implies that this situation changes sometime afterwards (the latest by time 
^(6)). So, a move is made at some time m with d2<m<^{b). Such a move /3 (the earliest one if there are 
several) cannot be made by the environment, because, as implied by the assumption {d,di, d2,b, c), a is 
a (&, (ii)-adequate counterbehavior. So, /3 is a move by X. Since X wins X, (3 cannot be an illegal move of 
the play. It is obvious that then one of the following conditions holds: 

(i) There is a formula H = H{b,s) which is the result of replacing in E{b,s) a surface occurrence of a 

subformula Gi U ... U Gn by one of the G,'s, such that W^(a, to', m', b, c) is true. 

(ii) There is formula H — H{b,s,r), where r is a variable not occurring in E{b,s), such that H{b,s,r) 

is the result of replacing in E{b,s) a surface occurrence of a subformula UyG(y) by G(r), and 
W^(a, to', m', 6, c, fc) is true for some constant k with \k\<b. . 

Thus, H{b, c) (in case (i)) or H{b, c, fc) (in case (ii)) is the game/position to which E{b, c) is brought down 
by the above-mentioned legal labmove T/3. 

Assume condition (i) holds. By the induction hypothesis, PTA h b = b ^ H{b, c). Then, by U -Choose, 

PTA h b = b^E{b,c). 

Assume now condition (ii) holds. Again, by the induction hypothesis, 

PTAh b^b^H{b,c,k). (Ill) 
Obviously CL4 h (p— > Qif)) {t^ f -^p^ Qi^)) whence, by CL4-Instantiation, 

PTA h {b=b^H{b,£,k)) {r = k^b = b^H{b,c,r)). 
Modus-ponensing the above with (lllip yields 

PTA h r = k^{b = b^H{b,d,r)) 

from which, by U-Choose, 

PTA h r = k^{b = b^E{b,c)) 

and then, by Fl-Introduction, 

PTA h Uz(z = fc) ^ (b = 6^£:(6,c)). (112) 

We also have 

PTA h b = 6^Uz(z = fc), (113) 

justified as follows: 

1. -^\k\<buL\z{z = k) LemmaHMl 

2. ^|fc|<fa^b^S PA 

3. -^\k\<b^b = b^L\z{z = k) Weakening: 2 

4. L\z{z = k) -^b = b—>-\-\z{z = k) CL4-Instantiation, instance of P ^ g ^ P 
6. b = b -^Uziz = k) U -Elimination: 1,3,4 

From (fm]) and (fm]) , by Transitivity, PTA \- b = b ^ b = b ^ E{b,d). But, by CL4-Instantiation, we have 

PTA h {b = b^b^b^ E{b,c)) ^ {b = b^E{b,c)) 
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(this matches {p^p^ Q) ^ {p^ Q)). Hence, by Modus Ponens, we find PTA h b = 6 — > E{b, c), as desired. 

Case 2: W^{a,di,£_{b),b,c) is true. Then, by LemmamU PTA proves W^{a,di,£,{b),b,c). PTA also 
proves the following formula because it is a logical axiom: 

W^(a, di,^{b), b, c) ^ 3zW-^(z, rfi, f (6), S, c). 

Hence, by Modus Ponens, 

PTA h 3zW^(z,cli,C(6),S,c). (114) 

W^(a, di, ^(&), 6, c) implies that E{b,c) is the final position of the play over X according to the scenario of 
the (a, eb)-branch. Note that, therefore, E{b, s) cannot be critical. This is so because, as observed earlier, 
the elementarization of any critical formula is false, and having such a formula as the final position in some 
play would make X lose, contrary to our assumption that X (always) wins X. Therefore, by Lemma |21.4( 

PTA h 3zW^{z,di,^{b),b,c) ^ \\E{b,c)\\. 

Modus-ponensing the above with (|114p yields PTA h ||i?(6,c)||, from which, by Weakening, PTA \- b = b^ 
\\E{b,c)\\, which is the same as to say that 

FTAh \\b = b^ E{b,d)\\. (115) 

Claim 1. Assume E{b, c) has the form H[Gi n . . . n G„i], and i G {1, . . . , m}. Then PTA \- b = b^ E[[Gi]. 

Proof. Assume the conditions of the claim. Let F ~ F{b, s) be the formula such that F{b, c) = H[Gi]. 
Let (3 be the environment's move that brings H[Gin ... nGm] to H[Gi]. Let k be the (code of the) 
counterbehavior obtained by appending the timestampcd move {j3,di-l) to (the counterbehavior whose 
code is) a. Since W^(a, di, ^2, c) is true, obviously W^(fc, di, di, &, c) also has to be true. Then, by the 
induction hypothesis, PTA h b = b^F(b,c), i.e. PTA h b = b^H[G^]. ■ 

Claim 2. Assume E{b,c) has the form H[nyG{y)], and r is an arbitrary non-b variable not occurring 
mE{b,x). Then PTA h b = b^H[G{r)]. 

Proof. Assume the conditions of the claim. Let F — F{b,s,r) be the formula such that F{b,c,r) = 
H[G{r)]. For each constant m whose size does not exceed b, let /3m be the environment's move that 
brings H[nyG{y)] to H[G{m)], and let km be the (code of the) counterbehavior obtained by appending 
the timestampcd move (/3m,di-l) to (the counterbehavior whose code is) a. Since W^(d, di, d2, 6, c) is 
true, obviously, for each constant m with |m|<6, W^(fc„i, di, di, 6, c, m) is also true. Then, by the in- 
duction hypothesis, PTA h b^b ^ F{b,c,m), i.e. PTA h b = b ^ H[G{m)]. But then, by Lemma [^TTl 
PTA h- b = b^b = b^ F{b,&,r), i.e. PTA h b = b ^ b = b ^ H[G{r)]. By CL4-Instantiation, we also have 

PTA h {b = b^b = b^H[G{r)]) ^ {b = b ^ H[G{r)]) 

(this is an instance of (p^p^Q) (p^Q)). So, by Modus Ponens, PTA h b = b ^ H[G{r)]. ■ 

From (fTTSj) . Claim 1 and Claim 2, by Wait, we find the desired PTA h b = 6 ^ E{b, 5). ■ 



Lemma 21.10 For any positive integer b, PTA h b = b ^ X{b). 

Proof. Consider any positive integer b. Let a be (the code of) the empty counterbehavior. Of course, 
W^(d, i, i, b) is true. Then, by LemmallUll PTA h b = 6 ^ X{b). But the formula 

{b = b^X{b)) ^ (b = 6^X(b)) 

is an instance of the CL4-provable {b = f ^ P{f)) (fa = /— >P(fa)) and, by CL4-Instantiation, is provable 
in PTA. Hence, by Modus Ponens, PTA h b = b^X{b). ■ 
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Lemma 21.11 PTA h ^|C(b)| < b ^ X(b). 

Idea. PTA knows that, if -'|^(b)|<b, then b = b for one of finitely many particular ("very small") 
positive integers b. Furthermore, as in Lemma l21.6[ we can show that such knowledge is constructive, in the 
sense that PTA can tell ( U ) exactly for which b do we have b = b. Then the desired conclusion easily follows 
from Lemma [2 1.1 01 ■ 

Proof. The size of ^(b) can be greater than b for only a certain finite number of "small" non-0 values 
of b. Let N be the set of all such values. Obviously 

PA h b^O^^|C(b)|<b^ V{b = a\ae N}, 

modus-ponensing which with Lemma ll3.2l vields 

PTA h ^|C(b)|<b^ V{b = a I a e iV}. (116) 

By Lemma [2 1.1 01 for each a e iV we have PTA h b = a — > -'^(b). Hence, by n -Introduction, 

PTA h u{b = a I a e 7V}-^X(b). (117) 

Next we claim that 

for each a e N, PA\- b = dub^a. (118) 
Below is a justification of this claim for an arbitrary a N: 

1. -n\a\<b uU z{z = a) Lemma [WM 

2. -.\a\<b^b^a PA 

3. -^\a\<b ^b = aub*a U-Choose:2 

4. nx\~\y{y = x\Jy7^x) Lemma [18.31 

5. s = bus5^b ri-Elimination (twice): 4 

6. s = b^s = a^b = a Logical axiom 

7. s = b-^s = a^b = aLlb*a u -Choose: 6 

8. ST^b ^ s = a ^ b^a Logical axiom 

9. S7^b^s = a^b = aLlb^a u -Choose: 8 

10. s = a^b = a\Jb7^a U-Ehmination: 5,7,9 

11. Uz{z^a) ^ b^aub^a Fl-Introduction: 10 

12. b^aub^a U -Elimination: 1,3,11 

The following formula can be easily seen to be provable in CL3 and hence in PTA: 

PTA h A{b=aub^a \ ae N}^ V {b=a \ ae N}^ u{b=a \ ae N}. 

Modus-ponensing the above with ()118p yields 

PTA h v{b = a I a e iV}^ u{b=a I a e iV}. (119) 

Now, from (fTTH]) . (fTT9|) and (fTT7| . by Transitivity applied twice, we get PTA h ^|^(b)| < b ^ X(b) as 
desired. ■ 

21.5 Ptarithmetizing HPM-computations 

In this subsection we prove the earlier- mentioned "provable traceability" of the work of A", in a certain tech- 
nically strong form necessary for our further treatment. As we remember, roughly it means the constructive 
knowledge by PTA of the configurations of X in its interaction with a given adversary (the latter thought 
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of as a countcrbchavior) . The present elaboration is the; first relatively advanced example of "ptarithm,e- 
tization" or, more generally, clarithmetization" — extending Godel's arithmetization technique from the 
classical context to the context of computability logic. 

Let STATES he the set of all states of the machine X, and SYMBOLS he the set of all symbols that may 
appear on any of its tapes. As we know, both sets are finite. We assume that the cells of each of the three 
tapes are numbered consecutively starting from (rather than 1). 

Below we introduce elementary formulas that naturally arithmetize the corresponding metapredicates. 

• Adequate{z,w,t) means "0 is a (w, f)-adequate counterbehavior" . 

• For each a e STATES, Statea{z,w,t) means "In the (^;, et„)-branch, at time t, X is in state a". 

• For each a e SYMBOLS, VSymbolg^{z,w,t,u) means "In the (z, eu,)-branch, at time t, cell #u of 
the valuation tape contains symbol a". Similarly for WSymholg_{z,w,t,u) (for the work tape) and 
RSymbolg^{z,w,t,u) (for the run tape). 

• VHead{z,w,t,u) means "In the (z, e„)-branch, at time t, the head of the valuation tape is over cell 

Similarly for WHead{z,w,t,u) (for the work tape) and RHead{z,w,t,u) (for the run tape). 

• Runsize{z, w, t, u) means "In the (z, eu;)-branch, at time t, the leftmost blank cell of the run tape is 
cell 

• E(z,t) abbreviates 

Adequate{z,b,t) A 
u{Stateaiz,b,t) \ a e STATES} A 

(3x(Runsize{z, b, t, x) A \x\ < b) □ \-\xRunsize{z, b, t, x)^ A 
U.t( VHead{z, b, t, x) A U { VSymhol^{z, b,t,x) | a G SYMBOLS}) A 
Ua;( WHead{z, b,t,x)Au{ WSymbol^{z, b,t,x) \aG SYMBOLS}) A 
UxlRHead{z,b,t,x)A u {RSymbol^{z,b,t,x) \ a e SYMBOLS}). 

• ¥{z,t) abbreviates 

na;( U { VSymbol^{z, b,t,x)\a€ SYMBOLS}) A 
na;( U { WSymbol^iz, b,t,x) [ a G SYMBOLS}) A 

(nx{ u { WSymbol^{z, b,t,x) \aG SYMBOLS}) n na;( u {RSymbol^{z, b,t,x) \aG SYMBOLS})'^ . 

Note that both formulas E(z,t) and ¥{z,t), in addition to z and t, contain b as a free variable, which we 
however do not explicitly indicate as it will never be replaced by any other term. 
We use 3! as a standard abbreviation, defined by 

3\zT{z) = 3z(T{z)Ayy{T{y)^y = z))). 

Let z be any variable and T - let us (also) write it in the form T{z) — any elementary formula. We say 
that T is functional for z iff PTA h 3\zT{z). 

For variables z,t and an elementary formula T = T{z) functional for z, we will be using E(z^,t) as an 
abbreviation defined by 

E{z'^,t) = Vz(T(z)^E(z,t)). 

Similarly for ¥{z'^,t). It is our convention that, whenever using these abbreviations, the variables z and t 
are not the same, so that t does not get bound by the external Vz. Similarly, if we write E(z-^, 0) or F(z^, 9) 
where ^ is a term, it will be assumed that 6 does not contain z. 

Lemma 21.12 For any elementary formula T functional for z, PTA proves 

E(z^, t) E(z^, t) A E(z'^, t). 
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Idea. As explained in Subsection 121.11 E — whether in the form E(z,t) or E{z'^,t) — is essentiahy a 
"recyclable" resource because it does not contain n ■ 

Proof. Bottom-up, a proof of the target formula goes like this. Keep applying Fl-Introduction and 
n -Introduction until the antecedent (in the given branch of the proof tree) becomes 

Adequate{z,h,t) A 
Statea{z,b,t) A 
Runsize{z,b,t,u) A 

( VHead{z, b, t, v) A VSymbol^{z, b, t, v)) A 
(^WHead{z,b,t,w) A WSymbol^{z,b,t,w)) A 

(^RHead{z, b, t, r) A VSymholj^{z, b, t, r))^ 

— or, maybe, the same but with "~n3x (^Runsize{z , b, t, x) A \x\ < b)" instead of "Runsize{z, b, t, m)" — for some 
variables u,v,w,r, state a and symbols b,c,d. Then apply a series of U -Chooses and U-Chooses and bring 
the consequent to a conjunction of two copies of the antecedent. Now we are dealing with a classically valid 
and hence provable elementary formula of the form F —>■ F A F. M 

Lemma 21.13 For any elementary formula T functional for z, PTA proves 

E{z^,t)A¥{z^,t)^¥{z^,t'). (120) 

Idea. For reasons in the spirit of an explanation given in Subsection 121. 1[ a single copy of the resource 
Eiz'^ , t) and a single copy of the resource V{z^ , t) turn out to be sufficient so solve the problem F(z-^, t'). m 

Proof. The following formula is provable in CL4 by Match applied three times: 

yz{Pi{z)AP2{z)-^P^{z)) ^ {yz{q{z)^Pi{z))A^z{q{z)^P2{z))^yz{q{z)^P^{z))y (121) 

Consider the formula 

Vz(^E(z,<) AF(z,i)^F(z,^'))- (122) 
The formula (fT22)) (fT20)) . which — after disabbreviating z'^ in p20)) — is 

Vz(^E(z, t) A F(z, t) ^ F(z, <')) ^ (Vz(T(z) ^ E(z, t)) A \lz{T{z) ^ F(z, t)) ^ Vz(T(z) F(z, t'))) , 

can be seen to be an instance of p2ip and hence, by CL4-Instantiation, provable in PTA. Therefore, if 
PTA proves (|122p . then, by Modus Ponens, it also proves the target (|120p . Based on this observation, we 
now forget about (|120p and, in what follows, exclusively devote our efforts to showing that PTA h p22p . 

This is one of those cases where giving a full formal proof in the style practiced earlier is not feasible. 
But by now we have acquired enough experience in working with PTA to see that the informal argument 
provided below can be translated into a strict PTA-proof if necessary. 

Argue in PTA. Consider an arbitrary (V) counterstrategy z. The context of our discourse will be the 
play of X against z on the standard valuation ej, — the (z, eb)-branch, that is. Assume that a single copy of 
the antecedental resource E(z, t) A F(z, t) is at our disposal. We need to show how to resolve the consequental 
problem F(z, t'). 

For resolving the first conjunct of F(z, i'), we need to tell, for an arbitrary (□) given x, the content of cell 
^x of the valuation tape at time t' . This is very easy: the content of the valuation tape never changes. So, 
the symbol in cell #a; at time t' will be the same as at time t, and what symbol it is we can learn from the 
first conjunct of (the antecedental resource) F(z,t). In more detailed terms, a solution/deduction strategy 
corresponding to the above outline is to wait (bottom-up Fl-introduction) till the environment specifies a 
value (syntactically, a "fresh" variable) s for x in the first A -conjunct of F(z,t'); then, using the same s 
(bottom-up U-Choose), specify the value of x in the first A -conjunct of F(z, t)\ after that, wait (bottom-up 
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n -introduction) till the environment selects one of the U-disjuncts in the first A -conjunct of ¥{z,t) (or 
rather of what that formula has become), and then select (bottom- up U -Choose) the same U -disjunct in 
the first A -conjunct of W{z,t'). Henceforth we will no longer provide such details, and will limit ourselves 
to just describing strategies, translatable (as we just saw) into bottom-up PTA-deductions. 

For resolving the second conjunct of ¥{z, t'), we need to tell, for an arbitrary (□) given x, the content of 
cell #a; of the work tape at time t'. This is not hard, either. At first, using the fifth conjunct of E(z, t), we 
determine the location m of the work-tape head and the tape symbol cw at that location at time t. lira ^ x 
fLemma 118.31 can be used to tell whether this is the case or not), then the symbol in cell i^x at time t' will 
remain the same cw- Suppose now m = x. Then we further use the second, fourth and sixth conjuncts of 
E(z, t) to learn about the state a of the machine at time t and the symbols cy and cr scanned at that time 
by the heads of the valuation and the run tapes. Now, knowing cv,cw,cr and a, based on the transition 
function of X, we can tell what symbol will be written in cell #a; of the work tape by time t' . 

The left n -conjunct of the third A -conjunct of F(z, t') is identical to the second A -conjunct of F(z, t'), 
and it can be resolved as we just saw above. However, to avoid an (unacceptable/unavailable) repeated 
usage of resources, we will employ the first n -conjunct of the third A -conjunct of F(z,<) instead of the 
second A -conjunct of ¥{z,t) as was done in the previous case. Of course, we will also need to use some 
parts of the resource E(z, t) which were already used by the procedure of the previous case. This, however, 
does not create any resource conflicts. Because any information extracted from E(z,t) earlier is still there, 
so the relevant parts oiE{z,t) do not really need to be "queried" again, as we already know answers. That 
(re)using ¥,(z, t) does not create any competition for resources should be remembered through the remaining 
part of this proof and the proof of the following lemma as well. This phenomenon of the "recycleability" of 
E(z,t) was, in fact, already established in Lemma [2 1.1 21 

Finally, for resolving the right n -conjunct of the third A - conjunct of ¥{z,t'), we need to tell, for an 
arbitrary (□) given x, the content of cell #x of the run tape at time t'. This is how it can be done. Let us 
call j the location of the leftmost blank cell of the run tape at time t. At first, we wait till the environment 
selects one of the u-disjuncts of the third A -conjunct of E(z,t). If the left disjunct is selected, then b<\j\ 
(or else the selected disjunct is false and we win). Then we also have (|a;| < \j\ and hence) x<j, because the 
size of (the U -bound) x cannot exceed b. If the right disjunct is selected instead, the environment will have 
to further provide the actual value of j. Then, using Lemma 119. 9[ we can figure out whether x<j or not. 
Thus, in either case, we will know whether x<j or x>j and, if x>j, we will also know the value of j. First, 
suppose x<j. Then the content of cell =ffx at time t' is obviously the same as at time t, and information 
about this content can be obtained from the right n -conjunct of the third A -conjunct of F(z, t)^ Similarly 
if the state of X was not a move state at time t (and information about whether this was the case is available 
from the second conjunct of E(2,t)). Now assume (we know the value of j and) x>j, and also assume the 
state of X at time t was a move state. If x=j (use Lemma [18.31 to tell if this is so or not), then the content 
of cell #x at time t' will be the symbol T. Otherwise, if x^j, meaning that x>j, then the content of cell 
i^x at time t' will be the content c of cell ^{x-j-l) of the work tape at time t (Lemma 119.91 can again 
be used to compute the value of x-j-1). Such a c can be found using the left n-conjunct of the third 
A -conjunct of F(2;, t). Well, what we just said is true unless x-j-1 is greater than or equal to the location 
of the work-tape head at time t (known from E(z,t)), in which case the content of cell ^x of the run tape 
at time t' will be blank. ■ 



Lemma 21.14 For any elementary formula T functional for z, PTA proves 

|i'|<faAE(z'^,i) AF(z^,t)-^E(z^,t')- (123) 

Idea. As in the previous lemma, a single copy of the resource ¥{z'^ ^ t) and a single copy of the resource 
V{z'^ ,t) turn out to be sufficient so solve the problem E(z"^,t'). A minor additional technical condition for 
this in the present case is that the size of t' should not exceed b. ■ 

Proof. For reasons similar to those given at the beginning of the proof of Lemma 121. 13[ it would be 

^^The third A-conjunct of ¥(z,t) was already used in the previous paragraph. But there is no resource conflict here, as we 
have a choice (rather than parallel) conjunction between the problems whose solutions are described in the present and the 
previous paragraphs, so that only one of them will actually have to be solved. 
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sufficient to sliow the PTA-provability of the following formula instead of (|123p : 



Vz(|t'| < b A E(z, t) A F(z, t) ^ E(z, t')) • (124) 

Argue in PTA. Consider an arbitrary (V) counterstrategy z. As in the proof of the previous lemma, the 
context of our discourse will be the play according to the scenario of the (z, eb)-branch. Assume \t'\ < b. And 
assume that a single copy of the resource E(z, t) A F(z, t) is at our disposal. We need to show how to resolve 
E{z,t'). 

The first conjunct of E(z,i) is Adequate(z, b,t). It implies that the environment does not move at t or 
any greater time, so that z will remain adequate for any value greater than t as well. Thus, Adequate{z, b, t') 
is true, which takes care of the first conjunct of K{z, t'). 

The resource E(z, t) contains full information about the state of the machine at time t, the locations of 
the three scanning heads, and the symbols at those three locations. This allows us to determine the next 
state, and the next locations of the heads ("next" means "at time i'"). Note that we will have no problem 
naming those locations, as they cannot exceed t' (moving a head farther than cell would require more 
than t' steps) and hence, in view of the assumption |t'|<b, their sizes cannot exceed b. What we just said 
fully takes care of the second conjunct of E(z,<'), and partially takes care of the fourth, fifth and sixth 
conjuncts. To turn this "partial care" into a full one, we need to show how to tell the symbols looked at by 
the three heads at time t' . 

The content of the cell scanned by the valuation-tape head at time t' will be the same as the content of 
that cell at time t, and this information can be obtained from the first conjunct of F(z,t). 

Since scanning heads (almost) always move left or right, the content of the cell scanned by the work-tape 
head at time t' will generally also be the same as the content of that cell at time t, which can be obtained 
from the second conjunct of F(z, t). An exception is when the head is at the beginning of the tape at time 
t, writes a new symbol and tries to move left which, however, results in staying put. In such a case, we can 
obtain the symbol just written (i.e., the content of the cell scanned by the head at time t') directly from our 
knowledge of the transition function and our knowledge — already obtained earlier from E(z,t) — of the 
state of X and the contents of the three cells scanned at time t. 

Let the cell scanned by the head of the run tape at time t' be cell #i (the value of i has already been 
established earlier). Let the leftmost blank cell of that tape at time t be cell #j. Since the run-tape head 
can never move past the leftmost blank cell, we have either i=i or {i^^j and hence) i<j. The third conjunct 
of E(z,i) in combination with Lemma Fl 8 . 31 can be used to tell which of these two alternatives is the case. If 
i<j, then the content of the run-tape cell #i at time t' will be the same as at time i, and this information 
can be obtained from the right n -conjunct of the third A -conjunct of F(z, t). Similarly if the state of X was 
not a move state at time t (and information about whether this was the case is available from the second 
conjunct of E(z,i)). Assume now i=j, and the state of X at time t was a move state. Then the content of 
cell at time t' will be the symbol T (the label of the move made at time t). 

The above three paragraphs complete taking care of the fourth, fifth and sixth conjuncts of E(z, t'). 

Finally, to solve the remaining third conjunct of E(z, t'), wait till the environment selects one of the two 
U-disjuncts of the third conjunct of E(z,i). If the left disjunct is selected there, do the same in the third 
conjunct of E(z,i'). Suppose now the right conjunct is selected. Wait till the environment further specifies 
a value j for x there. If X is not in a move state at time t, do the exact same selections in the third conjunct 
of E(z, t'). Suppose now A:" is in a move state at time t. Then the location of the leftmost blank cell at time 
t' will be j + i + where i is the location of the work-tape head at time t. Using the results of Section[T9l try 
to compute m with m=j + i + l. If |m| turns out to exceed b, select the left U-disjunct of the third conjunct 
of E(z,t'). Otherwise select the right disjunct, and specify a: as to there. ■ 



Lemma 21.15 For any elementary formula T functional for z, PTA proves 

\t'\ < b A E(z^, t) A F(z^, t) ^ E(z^, t) A (E(z^, t') n F(z^, t')) . 

Idea. This is a logical consequence of the previous three lemmas (i.e. a consequence exclusively due to 
logical axioms and rules, without appealing to induction or any nonlogical axioms of PTA). Correspondingly, 
the proof given below is a purely syntactic exercise. ■ 
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Proof. The following sequence is a CL4-proof: 

1. (pi A T) A (± A _L ^ T) A (g A ± A _L ^ T) ^ 9 Api A T -^P2 A T Tautology 

2. (pi -^P2 Aps) A (± A ± ^ T) A (9 Ap3 Ap4 ^Ps) Api Ap4 Ap5 Tautology 

3. (pi ^>P2 Aps) A (Qi A (32 ^ Q4) A Ap3 Ap4 ^Ps) ^9 Api Ap4 Ap5 Wait: 2 

4. (pi ^>P2 A Qi) A [Qi A (32 ^ Q4) A A (3i A (32 ^ Qz) 9 Api A (32 A (33 Match (3 times): 3 

5. (pi — s> p2 A P3) A (p3 A p4 — s> P5) A (g A ± A _L ^ T) — ^ (7 A pi A p4 — ^ P2 A p5 Tautology 

6. (pi^P2Ap3)A(p3Ap4^P5)A(gA(3iA(32-^(33)^'7ApiAp4^P2Ap5 Wait: 5 

7. (pi -^P2 A Qi) A ((3i A (32 Q4) A A (3i A (32 ^ Q3) 9 Api A (32 ^P2 A (34 Match (3 times): 6 

8. (pi-^P2A(3i)a((3i A(32^(34)A(gA(3iA(32^(33)^9ApiA(32^P2A((33nQ4) Wait: 1,4,7 

9. [Qi ^ (3i A Qi) A [Qi A (32 ^ (34) A (g A (3i A (32 ^ (33) ^ 9 A (3i A (32 ^ (3i A {Qj, n Q4) Match (twice): 8 

The following formula matches the last formula of the above sequence and hence, by CL4-Instantiation, 
it is provable in PTA: 

(E(z^, t) E(z^, t) A E(z^, t)) A (E(z^, t) A F(z^, i) ^ F(z^, t')) A (|t'| < fa A E(z^, i) A F(z^, <) ^ E(z^, i')) 
< fa A E(z'^, i) A F(z^, t) ^ E(z^, <) A (E(z'^, i') n F(z^, i')) ■ 

But, by Lemmas I21.12[[^1.13l and 12 1 . 141 the three conjuncts of the antecedent of the above formula are 
also provable. Hence, by Modus Ponens, so is (the desired) consequent. ■ 

Lemma 21.16 Assume R is an elementary formula, w is any variable, t is a variable other than b, z is a 
variable other than b,w,t, T is an elementary formula functional for z, and 

PTA h i?^E(z^,w) aF(z'^,i(;). (125) 

Then 

PTA h i?Aw<i<^(fa) ^E(2^,t) AF(z^,t). (126) 
Proof. Immediately from Lemmas 121.151 and 120.11 ■ 

21.6 Taking care of the case of large bounds 

We will be using 

A(z, r, t) 

for a natural formalization of the predicate saying that r<i, is a (fa, r)-adequate counterbehavior (so that 
fa is a hidden free variable of this formula) and, in the (z, e[,)-branch, X is not in a move state at any time 
V with r<v<t. 

Next, we will be using 

B(z,r,i) 

as an abbreviation of 

t<^{b) A A(z, r, t) A ^A(z, r, t'). 

In the context of the (z, eb)-branch, ]B(z,r, t) thus asserts that, on the interval [r, t], one single move /3 
was made, and it was made exactly at time t. Note that, since the condition of the (fa, r)-adequacy of z is 
implied by (A(z, r, t) and hence) B(z, r, <), PA knows that the above move /3 can only be made by X. 

For a variable z and an elementary formula T functional for z, as we did in the case of E and F, we will 
write A (2^, r, t) as an abbreviation of Vz(T A(z, r, t)). Similarly for B(z^, r, t) and W^(z^, ti, ^2, s)- 

Lemma 21.17 Assume x,u, z,w, s are pairwise distinct non-b variables, R is an elementary formula, T is 
an elementary formula functional for z, E — E{b, s) is a safe formula all of whose free variables are among 
b,s, and the following provabilities hold: 

PTA h i?-^^(fa) = u; (127) 
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PTA h i?^W^(z'^,w,w,b,s); (128) 

PTA h i?^E(z^,w) aF(z'^,u;). (129) 

Then PTA proves 

R W^{z^, w, u,b,s)U UxM{z'^, w, x). (130) 

Idea. According to (|128p . PTA knows that, under the assumptions (of the truth of) R and T, z is a 
(b, u))-adequate counterbehavior and, in the context of the (z, ef,)-branch, by time w, the play is legal and it 
has evolved to the position E{b, s). Under the above assumptions, the target (|130|) is the problem of telling 
whether the same situation persists up to time u (the left U -disjunct of the consequent), or whether a (legal 
or illegal) move is made at some time x with w<x<^{b) (the right U -disjunct), i.e. — in view of (jl27p — 
at some time x with w<x<u. 

Solving this problem is not hard. Conditions (|127p and (jl29l) . by Lemma [21.161 imply full knowledge 
of the configurations of the machine at any time t with w<t<u. Using this knowledge, we can trace the 
work of the machine step-by-step starting from w and ending with u-1 and see if a move is made or not. 
Technically, such "tracing" can be implemented relying on the induction rule of Lemma 120.21 ■ 

Proof. Assume all conditions of the lemma. We shall point out that the condition on the safety of 
E is not relevant to the present proof, and it is included in the formulation of the lemma merely for the 
convenience of future references. 

By Lemma [2 1.1 61 condition (|129p implies 

PTA h RAw<t<^{b)^E{z'^,t) A¥{z'^,t) (131) 

which, in turn, in view of condition (|127l) . can be easily seen to further imply 

PTA h R/\w<t<u^E{z'^,t) A¥{z'^,t). (132) 

Obviously PA h W^(2:-^, w, w, b, s) — > A(z^, w, w). This, together with (|128l) . by Transitivity, yields 
PTA h A{z'^ ,w,w), whence, by U -Choose, 

PTA \- R^ A(z^, w, w) U \JxM{z'^, w, x). (133) 

Claim 1: PTA proves 

RAw<t<^{b) A {A{z'^,w,t) u\JxM{z'^,w,x)) ^ A{z'^ ,w,t') u\JxM{z'^ ,w, x). (134) 

Proof. As in the case of Lemmas l21.13l and l21.141 we will have to limit ourselves to an informal reasoning 
within PTA. Assume RAw<t<^{b), and (a single copy) of the resource 

A{z'^,w,t)u\JxM{z^,w,x) (135) 

from the antecedent of (|134p is at our disposal. Our task is to solve the consequental problem 

A{z'^,w,t')u\JxB{z'^,w,x). (136) 

The environment will have to choose one of the two U-disjuncts of (|135p . If the right disjunct is chosen, 
then we also choose the identical right disjunct in (1136p . thus reducing the (relevant part of the) overall play 
to UxM{z'^ ,w,x) \-ixM{z'^ , w , x) which, having the form F -^F, is, of course, solvable/provable. 

Suppose now the left disjunct of p35p is chosen, bringing the latter to A{z'^,w,t). If this formula is 
false, we win. So, assume it is true. In view of (|13ip . we have access to the resource ¥.{z'^ , t), which contains 
information about the state of the machine at time t in the play against the counterbehavior z {^Hhe^^ due 
to the functionality of T for z) for which T is true. If that state is not a move state, then we resolve (|136p 
by choosing its left component. And if that state is a move state, then we resolve (|136p by choosing its right 
component and specifying a; as t in it. With a little thought, this can be seen to guarantee a win. ■ 

From (|133p and Claim 1, by the rule of Lemma [20.21 we find 

PTA h RAw<t<C{b)~^A{z^,w,t) U \JxM{z'^,w,x) 
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which, in view of condition (I127P , obviously imphes 

PTA h R.Aw<t<u^A{z'^,w, t) U L\xB>{z^ , w, x). 
Applying first ri-lntroduction and then Fl-Elimination to the above formula, we get 

PTA h R Aw<u<u ^ A{7J,w,u)u\JxM{zJ,w,x). (137) 

But the condition ■w<£^{b) is part of W'^(z-^, w, w, b, s) and hence, in view of (jl28p and (|127p . PTA obviously 
proves R^w<u<u. This, in conjunction with (jl37l) . can be easily seen to imply the PTA-provability of 

R^ K{z^ ,w,u)uUxM{z'^ ,w,x). (138) 

Clearly PA h W^(z'^, w, b, s) ^ A(z^, w, u) W^{z^, w, u, b, s). This, together with p^ . by Transi- 
tivity, implies that PTA proves 

R^A{z'^,w,u)^W'^{z^,w,u,b,s). (139) 

One can easily verify that CL4 proves 

(p -> u Q) A (p ^ gi ^ 92) ^ (j3 ^ 92 u Q). 

Now, (|138p A p39p (|130p can be seen to be an instance of the above formula and hence provable in PTA. 
Modus-poncnsing it with ([^5)) and yields (the PTA-provability of) the desired ([^0)) . ■ 

Assume i? is a safe formula. We say that a formula G is a U -deletion of i? iff G is the result of replacing 
in E some surface occurrence of a subformula iJi U ... U Hm by Hi (some i e {1, . . . , m}). And we say 
that a formula G(2/) is a U-deletion of iff G{y) is the result of replacing in E some surface occurrence 
of a subformula UyH{y) by iJ(y) (deleting " Uy", that is). Note that U -deletions and U-deletions of a safe 
formula remain safe, and do not create free occurrences of variables that also have bound occurrences, which 
would otherwise violate Convention 18. II 

Lemma 21.18 Assume the conditions of Lemma \21.17\ are satisfied. Let Gi — Gi{b, s), . . . ,Gm ~ Gm{b,s) 
be all of the U -deletions of E, and Hi = Hi{b, s,yi), . . . ,Hn — Hn{b, s,yn) be all of the VA-deletions of E 
(each Hi is obtained from E by deleting a surface occurrence of "Uyi ")■ Let t be a fresh variable, and C(t) 
and D(t) be abbreviations defined by 

<C(t) = WGi(z^,i',i',b,s)u ... uWG™(z^,t',t',b,^; 

B{t) = UyiW^i(z^,t',t',b,s,2/i)u ... uUy„W^"(z^,i',t',b,s,y„). 

Then PTA proves 

i? AB(z^,-u;,t) ^LuC(t) u]D)(t). (140) 

Idea. By the conditions of the lemma plus the additional condition expressed by the antecedent of 
(jl40l) . and in the context of the play according to the scenario of the (z, ef,)-branch (for the counterbehavior 
z satisfying T), we — PTA, that is — know that, by time w, the play has evolved to the position E, and 
that, at time t with w<t<^{b), some new move /3 has been made by the machine. From (|131l) . we have 
all information necessary to determine whether /? is legal or not and — if /3 is legal — what move exactly 
it is. If /? is illegal, the machine does not win X after all, so we can choose L in the consequent of (|140|) . 
And if /3 is legal, then, depending on what it is, we can choose C{t) or ©(t) in the consequent of (|140p . and 
then further choose in it the corresponding subcomponent W^' (z^, <, b, s) or (UyiW^* (z"^, i', i', b, s, y^) 
and then) W^-(z'^,t',i',b,s,c). ■ 

Proof. Assume the conditions of the lemma. Let us fix the two sets {ai, . . . , am} and {/3i, ...,/?„} of 
strings such that the move that brings E{b,s) down to Gi{b,s) is a^I^ and the move that brings £'(b,s) 
down to Hi{b, s, c) (whatever constant c) is Pi.c. 

■^^ Strictly speaking, more than one move can bring E to the same U-deletion (e.g., think of the case E = Y \-\ Y). But this is 
not a serious problem, and is easily taken care of by assuming that the list Gi, . . . , Gm has repetitions if necessary so that, for 
each move that turns E into one of its U-dcletions, the list contains a separate copy of the corresponding U-deletion. 
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For each i G {1, . . . , m}, let Gi{z) be an elementary formula saying that B(2, w, t) is true and the move 
made by the machine at time t in the (z, e[,)-branch is a^. Extending our notational practice to this formula, 
Gi{z'^) will be an abbreviation of Vz(T ^ Gi(z)) . 

Claim 1. PTA proves 

i?AB(z^,w,t)^Gi(z^)u ... u(G,„(z^) u^(Gi(z'^) V ... vG„i(z'^)). (2^45^) 

Proof. Let fc be the greatest of the lengths of the moves ai, . . . , am- Argue in PTA. Assume 
R aMIz"^ ,w,t). Consider the counterbehavior z for which T is true, and consider the play according to 
the scenario of the (z, et,)-branch. M{z'^,w,t) implies w<t<S^{b). Therefore, in view of (|13ip . full infor- 
mation is available about the situation in the machine at time t. Using this information, we first find the 
location I of the work-tape head and, using the results of Section [T9l find a with a — min{l, k). Then we 
construct a full picture of the contents of cells ^^0 through #(a-l) of the work tape at time t. From this 
picture, we can determine whether it shows making one of the moves ai (and which one), or none, and 
accordingly choose the true U -disjunct of the consequent of (|141|) . ■ 

For each i G {1, . . . , n}, let Hi(z) be an elementary formula saying that B(z, w, t) is true and the move 
made by the machine at time t in the (z, eb)-branch has the prefix Mi{z'^) will be an abbreviation of 

Vz(r->H,(z)). 

Claim 2. PTA proves 

i?AB(z^,w,^)^Hi(z^)u ... uH„(z^) u^(Hi(z'^) V ... vH„(z'^)). (142) 

Proof. Similar to the proof of Claim 1. ■ 

For each i G {1, . . . , n}, let W.'^{z, y) be an elementary formula saying that IHIi(z) is true and the move made 
by the machine at time t in the (z, ei,)-branch is /3i.y. IHI^(z"^, y) will be an abbreviation of \Iz{T IHI'j(z, y)) . 

Claim 3. For each i £ {1, . . . , n}, PTA proves 

i?AH,(z^)^Uy,HKz^,yOuL. (143) 

Proof. Take any i G {1, . . . ,n}. Let k be the length of the string . Let J(z, v, y) be a formula saying 

"M.i{z) (is true) and, in the [z^Ci,) -branch, at time t, on the work tape, cells =ffk through ^{k + v) 
spell constant y, and the location of the head is not any of the cells f/=0, f^l, . . . , ^(k + v + l) ". 

J[(z"^, V, y) will be an abbreviation of \/z{T — >■ J(z, v, y)) . 

Argue in PTA. We want to prove, by WPTI induction on v, that 

w<fc + b^i?AHj(z'^) ^LuUy,H^(z'^,y,) uUyJ[(z^,w,y). (144) 

The basis is 

R A H,(z^) ^ L U Uy,H^(z^, y,) U UyJ(z^, 0, y). (145) 

Assume the (truth of the) antecedent of the above. Consider the counterbehavior z for which T is true, and 
consider the play according to the scenario of the (z, ef,)-branch. We will implicitly rely on the fact that, in 
view of (|13ip (whose antecedent is implied by R f\M.i{z'^)), full information is available about the situation 
in the machine at time t. The problem (jl45l) is solved as follows, where "head" and "cell" always mean those 
of the work tape, and "located" or "contains" mean that this is so at time t. 

1. Using the results of Section[THl figure out whether |fc + l| <b (|fc'| < b, that is) and, if so, find the values 
of k and fc + 1 and then continue according to Steps 2-4. If, however, |fc+l|>b, then choose L in the 
consequent of (jl45p and you are done as it is guaranteed to be true. This is so because, from Axiom 
13, we know that \t\ <b, and thus k + l>t\ this, in turn, means that the head would not have enough 
time to go as far as cell #(fc + l); and, if so, the machine cannot make a legal move at time t, so it 
loses. 
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2. If the location of the head is not greater than k, then we are deahng with the fact of X having just (at 
time t) made an iUegal move which is "/3i." or some proper initial substring of it, so choose L in the 
consequent of (|145p because X loses. 

3. Suppose the head is located at cell + Then: 

• If cell #/c contains 0, then we are dealing with the fact of X having made the move /3i.O, so choose 
\JyiM'^{z'^, Ui) in the consequent of (jl45l) and specify yi as in it. 

• If cell contains 1, then we are dealing with the fact of X having made the move so choose 
VAyiW[{z^ , yi) in the consequent of (jl45l) and specify yi as 1 in it. 

• If cell 4f^k contains any other symbol, then we are dealing with the fact of X having made an 
illegal move, so choose L. 

4. Suppose the location of the head is greater than fc+1. Then: 

• If cell ^k contains 0, choose U?/J[(2-'", 0, y) in the consequent of (|145p and specify y as in it. 

• If cell #/c contains 1, choose U?/JJ(z-'", 0, y) in the consequent of p45p and specify j/ as 1 in it. 

• If cell #/c contains any other symbol, choose L. 

The inductive step is 

(R A H,(z^) ^ L U Uy,H^(z^, y,) U U2/J(z^, v, y)) ^ 

{r a H,(0^) L U UyM.iz'^, y^) U UyJ(z^, v', y)) . ^'^^^ 

Assume R f\M.i{z^) is true (otherwise (|146p is won). Under this assumption, solving (|146p essentially means 
solving the following problem: 

L U Uy,H^(^^, y{) U UyJ(z^, i;, y) ^ L U Uy,H^(z^, y,) U UyJ(z^, w', y). (147) 

This problem is solved as follows. Wait for the environment to choose a U -disjunct in the antecedent. If 
that choice is one of the first two disjuncts, choose the identical disjunct in the consequent, and then resolve 
the resulting problem of the form F-^F. Suppose now the third disjunct UyJ[(z^,w,y) is chosen. Wait 
till it is further brought to I{z'^,v,c) for some c. Consider the counterbehavior z for which T is true, and 
consider the play according to the scenario of the (z, et,)-branch. As was done when justifying the basis of 
induction, we will rely on the fact that, in view of (I13ip . full information is available about the situation in 
the machine at time t. In our subsequent discourse, "head" and "cell" always mean those of the work tape, 
and "located" or "contains" mean that this is so at time t. Note that, as implied by JJ(z'^,w,c), the location 
of the head is greater than k + v'. So, using the results of Section [121 we can tell ( U ) whether that location 
is k + v' + l or greater than k + v' + l. We correspondingly consider the following two cases and resolve the 
consequent of (|147p accordingly: 

1. Suppose the head is located at cell ^{k + v' + l). Then: 

• If cell 4f{k + v') contains 0, then we are dealing with the fact of X having made the move /3i.cO, 
so choose UyiH.[{z'^ , yi) in the consequent of (|147p and specify yi as cO in it. 

• If cell #(/c + w') contains 1, then we are dealing with the fact of X having made the move Pi-cl, 
so choose [AyiW^^z'^ ^yi) in the consequent of p47p and specify yi as cl in it. 

• If cell #:/c contains any other symbol, then we are dealing with the fact of X having made an 
illegal move, so choose L. 

2. Suppose the location of the head is greater than k + v' + l. Then: 

• If cell #/c contains 0, choose UyJJ(z-^, t;', y) in the consequent of (|147p and specify y as cO in it. 

• If cell #/c contains 1, choose UyJJ(z-^, w', y) in the consequent of p47p and specify y as cl in it. 

• If cell #A: contains any other symbol, choose L. 
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Now, (dUl) follows by WPTI from and 

We continue our proof of Claim 3 by arguing in PTA towards the goal of justifying (|143p . Assume (the 
truth of) the antecedent of the latter. As before, we let z be the counterbehavior satisfying T, and let the 
context of our discourse be the play according to the scenario of the (z, e[,)-branch. From (|13ip . we find the 
location / of the work-tape head at time t. If 1 = 0, we are dealing with the fact of the machine having made 
an illegal move (the empty move), so choose L in the consequent of (jl43p . Otherwise, we find the number a 
with l = a' (the results of Section [19] will allow us to do so). From (|144p . we get 

a<fc + b^i?A Hj(z^) ^ L U Uy,H-(z'^, y,) U UyJ(z^, a, y). (148) 

Next, we figure out (again relying on the results of Section [TO)) whether a<fc + b or not. If not, we are 
obviously dealing with the case of the machine having made an illegal ("too long a") move, so we choose L 
in the consequent of (|143p . Suppose now a<fc + b. Then, from (|148l) by Modus Ponens applied twice, we get 

L U Uy,%{z^. y^) U Uj/J(z^, a, y). (149) 

Our remaining task is to show how to solve the consequent 

Uy,HKz^,y,)uL (150) 

of (|143p using the resource (jl49l) . This is very easy. Wait till the environment selects a U -disjunct of (|149l) . 
If one of the first two disjuncts is selected, select the identical disjunct in (I150p and, having brought things 
down to a problem of the form F ^ F, solve it. And if the third disjunct UyJ(z'^, a, y) of (|149p is selected, 
we win. That is because, no matter what c the environment further selects for y in it, the resulting formula 
J(z-^,a,c) will be false as it implies that the work-tape head at time t is not located at cell #(a+l), which 
is a contradiction — as we remember, l = a' is exactly the location of the head. 
Our proof of Claim 3 is now complete. ■ 

Claim 4. PA h i? A B(z^, w, i) ^ ^((Gi(z'^) V ... V G™(z'^)) A -(Hi(z^) V ... vH„(z^))^L. 

Proof. This and the following two claims can be proven by a straightforward argument within PA based 
on the meanings of the predicates involved in the formula. Assume R aM{z'^ ,w,t) and 

-(Gi(z^)v ... vG,„(z^)) A^(Hi(z^) V ... vH„(z'^)). (151) 

Consider the counterbehavior z satisfying T, and the play according to the scenario of the (z, e[,)-branch. 
According to (|128p . by time w the play has evolved to position E{b,s). And, according to M{z'^ ,w,t), a 
(first new) move /3 has been made by the machine at time t. Obviously the assumption (|15ip precludes the 
possibility of such a /3 being a legal move of E{b,s). So, /3 is illegal, which makes the machine lose the game, 
and hence L is true. ■ 

Claim 5. For each i £ {I, . . . ,m}, PA h i? ^ Gi(z^) W^' (z^, i', i ', b, s). 

Proof. Argue in PA. Assume R and Gi(z^). Consider the counterbehavior z satisfying T, and the play 
according to the scenario of the (z, e[,)-branch. According to p28p . by time w the play has evolved to position 
E{b, s). And, according to Gi(z"^), a (first new) move has been made by the machine at time t, and such a 
move is a^. But this move brings E{b,s) down to Gi{b,s}. This, in turn, implies that W'~^' {z'^ ,t' ,t' ,b, s) is 
true. ■ 

Claim 6. For each i G {1, . . . , n}, PA h i? ^ ^[{z'^ , Vt) ^ W^* (z^, t' , t', b, s, yi). 

Proof. Very similar to the proof of Claim 5. Argue in PA. Assume R and ]HI^(z"^, y,). Consider the 
counterbehavior z satisfying T, and the play according to the scenario of the (z, et,)-branch. According to 
(|128p . by time w the play has evolved to position -E(b, s). And, according to Mi{z'^ , yi), a (first new) move 
has been made by the machine at time t, and such a move is Pi.yi. But this move brings E(b,s) down to 
Hiib, s,yi). This, in turn, implies that W^' (z-^, t', t', b, s,yi) is true. ■ 

To complete our proof of Lemma r21.181 it remains to observe that (I140p is a logical consequence of Claims 
1-6. Since we have played more than enough with CL4, here we only schematically outline how to do this 
purely syntactic exercise. 
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First of all, Claims 1 and 2 can be easily seen to imply 

PTAhi?AB(z^,w,<)^Gi(z^)u ... u(G,„(2'^) uHi(z^) u ... uH„(z^)u 
(^(Gi(z^) V ... V G„(z^)) A ^(Hi(z^) V ... V H„(z^))) . 

The above, together with Claim 4, further implies 

PTA h i? A B(z^, w, t) -> GiizJ) u ... u u Hi(z'^) u . . . u H„(z'^) u L. 

This, in turn, together with Claim 5, further implies 

PTA h i?AB(z^,-u;,t) ^C(i) uHi(z^) U . . . uH„(z^) uL. 
The above, together with Claim 3, further implies 

PTA h R An{z^ ,w,t) ^ C{t) uUyiM[{z^ ,yi) U ... U U?/„H;(z^, y„) U L. (152) 
Claim 6 can be seen to imply 

PTA h i? ^ Uy.mz'^, y,) -> Uy,W^' (z^, t' , t' , b, s, y,) 
for each i £ {1, . . . ,n}. This, together with (|152p . can be seen to imply the desired (|140p . ■ 

Lemma 21.19 Under the conditions of Lemma \21.17\ and using the abbreviations of Lemma \21.18[ PTA 
proves 

R^hu Ux{C{x) u D(x)) u W^(z^, w, u, b, s). (153) 
Idea. This is a logical consequence of the previous two lemmas. ■ 

Proof. Assume the conditions of Lemma 121.171 Then, according to Lemmas 121.171 and 121.181 PTA 
proves (|130p and (|140p (where, in the latter, t is a fresh variable). The target formula (I153P is a logical 
consequence of those two formulas, verifying which is a purely syntactic exercise. As we did in the proof 
of the previous lemma, here we only provide a scheme for such a verification. It is rather simple. First, 
applying U-Choose and Fl-Introduction to (|140p . we get 

PTA h i? A \JxM{z'^, w, x) ^ L U Ua;(C(a;) U D(a;)) . 

And then we observe that the above, together with PTA h (fT30| . implies PTA h (fT53| . ■ 



Lemma 21.20 Under the conditions of Lemma \2rTT\ PTA h i? ^ E{b,s). 

Idea. Under the assumption of the truth of _R, one of the three U -disjuncts of the consequent of (|153p 
is available as a resource. In each case, we need to show (in PTA) how to solve the target E = E{h, s). 

1. The case of L is taken care of by Lemma [21.31 according to which PTA h L -> i?. 

2. The case of U2;(C(a;) uD(a;)), depending on which of its U- and U -components are further chosen, 
allows us to jump to a formula F (one of the Gi, l<i<m or Hi, l<i<n) from which E follows by U -Choose 
or U-Choose. With appropriately readjusted R and certain other parameters, by the induction hypothesis, 
we know how to solve F. Then (by U -Choose or U-Choose) we also know how to solve E. 

3. Finally, consider the case of W^{z'^, w,u,b,s). E can be critical or non-critical. The case of E being 
critical is almost immediately taken care of by Lemma [21.51 according to which PTA h 3zW^{z, w, w, b, s) — s- E. 
Suppose now E is non-critical. Then, by Lemma r21.4[ according to which PTA h 3zW^{z, w, u,b,s) ^ 

the elementarization of E is true/provable. Relying on the induction hypothesis as in the previous case, and 
replacing T(z) by a formula S{z) saying that z is a certain one-move extension of the counterbehavior 
satisfying T, we manage to show that any other (other than ||-E||) necessary Wait-premise of E is also 
solvable/provable. Then, by Wait, we know how to solve/prove E. m 



91 



Proof. We prove this lemma by (meta)induction on the complexity of E{b, s). Assume the conditions 
of Lemma [ITTTl Then, by Lem ma [ITIl PTA h ((T53l) . 

By Lemma [2l.3[ PTA h L — >• E{b,s), whence, by Weakening, 



PTA hLAi?^£;(b,s). (154) 
In what follows, we will rely on the additional assumptions and abbreviations of Lemma 121.181 



Claim 1. For each i e {l,...,m}, FTA\- W^' {z\t' ,t' s) A R ^ E{b, s). 

Proof. Pick any i G {1, . . . , m} and a fresh variable v. 
From condition (|127|) . by Weakenings, we have 

PTA h v = t' /\W^^{z^,t',t',b,s) A R^(,{b) = u. (155) 

And, of course, we also have 

PTA h w = t' AW^'(z^,i',i',b,s) Ai?^W°'(z'^,w,v, b,s). (156) 

Condition (I129P and Lemma [2 1 . 161 implv 

PTA h RAw<v<£_{b)^E{z'^,v) a¥{z^,v). (157) 

In view of condition ()128p , we also obviously have 

PTA h u = t' A W^'(z^,i',t',b,s) Ai?^i?Aw<v<C(b). (158) 

From (I158P and (|157p . by Transitivity, we get 

PTAh v = t' AW^^{z^,t',t',b,s) aR^ E{z^,v) a¥{z^,v). (159) 

By the induction hypothesis of our lemma, with v, Gi{b,s) and v = t' aW~^' {z"^ ,t' ,t' ,b, s) A R in the 
roles of w, E{b, s) and R, (fTSSj) . (fTse]) and ([T59l) — which correspond to ([T27l) . ([T25| and (fT29|) . respectively 

— imply 

PTA h u = t' A W^'(z^,i',t',b,s) Ai?^G'i(b,s). 

The above, by Fl-Introduction, yields 



PTA h Ux{x = t')AW^^{z^,t',t',b,s)AR^Gi{b,s}. (160) 

Remembering the definition of W, the condition <' <^(b) is one of the conjuncts of W-^' (^z^ ,t' , t', b, s). Hence 
PA h W^' (z^, t', t', b, s) t'<^{b). Together with condition ([T?f)) . this implies 

PTA h W^' (z^, t', t', b, s)aR^ t'<u. 

But, by Axiom 13, PTA h |m| < b. Hence, obviously, PTA h W^' (z'^, t', t',b,s)AR^ \t'\< b. This, together 
with in Axiom 10, by Transitivity, yields PTA h W^' (z^, t', i', b, s) A i? ^ Ua;(a; = t'). And the latter, in 
turn, in conjunction with (jl60p . can be seen to imply 



PTA h W'^'(z'^,t',t',b,.s) Ai?^Gi(b,s). (161) 



Now, it remains to notice that the desired W*^' (z-^, t' , t',b,s) aR-^ E{b, s) follows from (I16ip by U -Choose. 



Claim 2. For each ie {!,..., n}, PTA h L\y,W"^ {z'^ ,t' ,t' ,b, s,y^) A R ^ E{b, s). 

Proof. Pick any i £ {1, . . . , n}. Arguing as we did for (|16ip in the proof of Claim 1, we find 

PTA h W^'(z^,t',t', b, s,2/,)Ai?^i?^(b,s,yO- 
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Applying first U-Choose and then Fl-Introduction to the above, we get the desired conclusion PTA h 

Claims 1 and 2, by n -Introductions, imply 

PTAh ((W^i(z'^,t',t',b,s) u ... uW^"^{z^,t',t',b,s)) u 

{Uy,W"^{zT,t',t',b,s,yi)u ... uUy,,W"-{z'^ ,t' ,t' ,b,s,yn))) A R^WJ) 

which, using the abbreviations of Lemma [21.18i is written as PTA h (C(<) U D(i)) A i? E{b, s). The latter, 
by ri-Introduction, yields 

PTA h Ux{C{x) u]D)(x)) AR^E{b,s). (162) 
Claim 3. If E{b,s) is not critical, thenPTAh ||W^(z^, w, m, b, s) A i? ^ S(b, s)||. 

Proof. Assume E{b,s) is not critical. Then, Lemma [21.41 together with the fact of T being functional 
for z, can be easily seen to imply PTA h 'W^(z'^,w,£,{b),b,s^ — > ||i?(b,s)||. Remembering condition (jl27l) . 
the latter can be seen to further imply PTA h 'W^{z'^, w,u,b, s) A R-^ \\E{b, s)\\, which is the same as to 
say that PTA h \\'W^{z'^, w,u,b,s) A R^ E{b, s)\\, because both W^(z-^, w, u, b, s) and R are elementary. 
■ 

Claim 4. Assume E{b, s) has the form F[Ji n . . . n Jk], and i G {1, . . . , k}. Then 

PTA h W^(z^, w,u,b,s)AR^ FpiJ. 

Proof. From (|127p . by Weakening, we have 

PTA h W^{z^, w,u,b,s)AR^ ^{b) = u. (163) 

Assume E{b, s) = F[Ji n ... n Jk] and l<i<k. Let a be the move whose effect is turning F[Jin ... n Jk] 
into F[Ji]. Let us write our formula T in the form T{z). Let S = S{z) be a formula saying that z is 
the code of the counterbehavior resulting by adding the timestamped move {a,w-l) to the counterbe- 
havior a for which T{a) holds. Of course, S is functional for z. It is not hard to see that PA proves 
W-^ {z'^ ^WjUjb, s) (z'^ ,w,w,b, s) and (z"^ ,w,w,b, s) ^W-^^'^^^z^ ,w,w,b, s). Therefore it proves 

W^{z'^, w, u, b, s) — J- W^['^'l(2:'^, w, w, b, s), whence, by Weakening, 

PTA h W-^(z^, w,u,b,s)AR^ W-^[-'''l (z"^, w, w, b, s). (164) 

Next, we claim that 

PTA h i?^E(z'5,-u;) aF(z'5,u;). (165) 

Here is a brief justification of (|165p through reasoning in PTA. Let a be the counterbehavior for which 
T{a) is true, and let d be the counterbehavior for which S{d) is true. Assume R. Then, in view of (|129p . 
the resource ¥,{z'^ ,w) AF(z^,ii;) is available for us in unlimited supply. That is, we have full information 
about the configuration of X at time w in the (a, e[,)-branch. Solving (|165p means being able to generate full 
information about the configuration of X at time w in the (d, e[,)-branch. Since the time w is fixed and is 
the same in both cases, let us no longer explicitly mention it. Note that the two configurations are identical, 
for the exception of the contents of the run tape. So, from the resource E(z"^, w) A F(z^, w) which describes 
the configuration of the (a, eb)-branch, we can directly tell the (identical) state of X in the configuration 
of the (d, et,)-branch, as well as the locations of all three scanning heads, and the contents of any cells of 
the valuation and work tapes. Next, in order to tell the location of the leftmost blank cell on the run tape 
in the configuration of the (d, e(,)-branch (or tell that the size of this location exceeds b), all we need is to 
compute i+j + 1, where i is the location of the leftmost blank cell of the run tape in the configuration of the 
(a, eb)-branch (unless 1«| ^ b, in which case the size of the sought value also exceeds b), and j is the location 
of the work-tape head in the configuration of the (a, e(,)-branch. Finally, consider any cell #c of the run 
tape. If c is less than the above i, then the content of cell #c in the configuration of the (d, eb)-branch is 
the same as in the (a, e[,)-branch. Otherwise, if c>i, then the sought content is the (c-i)th symbol (starting 
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the count of those symbols from rather than 1) of the labmove _La — unless c-z is greater or equal to the 
length of this labmove, in which case the sought content of cell #c is blank. 
From l|165p . by Weakening, we have 

PTA h W^(z^, w, M, b, s) A i? ^ E(z^, w) A F(z^, w). (166) 

By the induction hypothesis of our lemma, with F[Ji] and W^(z"^,u>,m, b,s) aR in the roles of E and 
R, (IT55| . ([TMl) and pM)) — wh ich co rrespond to dTTf]) . ([^5)1 and p^ . respectively — imply the desired 
PTAh W^(z^,w,M, b,s)Ai?^F[Ji]. ■ 

Claim 5. Assume E(b,s) has the form F[nxJ{x)], and v is a variable not occurring in E{b,s). Then 

PTA h W^(z^, w,u,b,s)AR^ F[J{v)]. 

Proof. Assume E — F[nxJ{x)], and u is a fresh variable. Let a be the string such that, for 
whatever constant c, a.c is the move which brings -F[na;J(x)] down to F[J(c)]. Arguing almost liter- 
ally as in the proof of Claim 4, only with "a.i;" instead of a and "J(w)" instead of "Ji", we find that 
PTA h W^(z'^ , w,u,b,s) A R^ F[J{v)]. The only difference and minor complication is related to the fact 
that, while in the proof of Claim 4 the labmove Ta was constant, the corresponding labmove Ta.v in the 
present case is not. Hence, its size is not given directly but rather needs to determined (while arguing within 
PTA). No problem, this (for the "v" part of the labmove) can be done using Lemma [19. II Similarly, various 
symbols of the labmove that were given directly in the proof of Claim 4 will now have to be determined 
using some general procedure. Again no problem: this (for the "w" part of the labmove) can be done using 
Lemma [T9l0l ■ 

Now we claim that 

PTA h W^(z^,w,M, b,s) Ai?^£:(b,s). (167) 

Indeed, if E{b,s) is not critical, then the above follows from Claims 3, 4 and 5 by the closure of PTA 
under Wait. Suppose now E{b,s} is critical. Then, by LcmmalHH PTA h 3zW^(2, w, ^(b), b,s}^E{b,s}. 
This, in view of the functionality of T for z and condition ()127p . can be easily seen to imply PTA h 
W"^(z"^, w,u,b,s) A R^ E{b, s), as claimed. 

From (fTSij) . (fT62l) and (fTeT]) . by n -Introduction, we find that PTA proves 

(h U L\x{C{x) U ©(a;)) U W^{z'^, w,u,b,s)^ A R^ E{b,s). (168) 

In turn, the PTA-provability of (|153l) and (|168l) can be easily seen to imply the desired PTA-provability 
of R E{b, s). This completes our proof of Lemma [21.201 ■ 



Lemma 21.21 PTAh Ux{x = £,{b)) ^ X{b). 

Idea. We take u = ^{b) Aw = 0' in the role of R, X in the role of E and show that the conditions 
of Lemma [2 1 . 1 71 are satisfied. Then, by Lemma [21.201 PTA proves M = ^(b) Aw = 0'^X. And the target 
formula Ua;(a; = ^(b)) — >• X is an almost immediate logical consequence of the latter and Lemma 113.31 ■ 

Proof. Let R be the formula u = ^(b) Aw = 0'. Then, of course, we have 

PTA h i?^$(b) = u. (169) 

Let T{z) be an elementary formula saying that z is (the code of) the empty counterbehavior. Obviously 
PA proves b^O {z"^ ,0' ,0' ,b) and hence, in view of Lemma [1321 PTA proves 'W^ {z^ ,0' ,b). 

Therefore, as R contains the condition w = 0' , 

VTAh R^m^{z^ ,w,w,b). (170) 
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Next, we observe that PTA h E(z'^,0) aF(z'^,0). Indeed, arguing in PTA, solving both E(z^,0) and 
F(z^,0) is very easy as we know exactly and fully the situation in the machine at time 0, which is nothing 
but the start configuration of the machine. The observation that we just made, of course, implies 

PTA h u = O^E(z^,t;) aF(z^,u). (171) 

From (|17ip , by Lemma 121.161 we get 

PTA h v = OAv<w<£,{b)~>E{z'^,w)AF{z'^,w). (172) 

Since w = 0' is a conjunct of R, PA obviously proves b^O v = ^ R v = A v<w<^{b)^^ But, by Lemma 
[TX^ PTA h b^O. Hence, by Modus Ponens, PTA h v = ^ R ^ v = Av <w <^{b). From here and (IT7^ . 
by Transitivity, we get 

PTA ^v = O^R^ E(z^, w) A ¥{z^, w) 

whence, by Fl-Introduction, 

PTA h \Jx{x = 0) ^ R^E{z'^,w) a¥{z'^,w), 

modus-ponensing which with Axiom 8 yields 

PTA h i?^E(z^,u)) aF(z'^,u;). (173) 

Now, with X{b) in the role of E{b, s), the conditions (I169p . (I170p and (|173p are identical to the conditions 
([T?7| . ([T^ and ([T^ of Lemma HIIITl Hence, by Lemma HOOl we have PTA h R^X{b), i.e. 



PTA h u = ^{b) Aw = 0' ~^X{b). 
From the above, by Fl-Introduction, we get 



PTA h u = ^{b) A Ua;(a; = 0') ^ X{b). 

But the second conjunct of the antecedent of the above formula is provable by Lemma ll3.3l Hence, we obvi- 
ously have PTA h u = ^{b) X{b) which, by Fl-Introduction, yields the desired PTA h Ua;(a; = ^(b)) ^ X{b). 



21.7 Completing the completeness proof 

By Lemma [IMI PTA h -n\£,{b)\<b u\Jx{x = (,{b)) . By Lemmas [HH] and [2r2Tl we also have PTA h 
^|C(b)| < fa and PTA h \Jx{x = ^{b)) -^X. From these three facts, by U -Elimination, PTA h X. 

22 Inherent extensional incompleteness in the general case 

The extensional completeness of PTA is not a result that could be taken for granted. In this short section we 
argue that, if one considers computability- in- general instead of polynomial time computability, extensional 
completeness is impossible to achieve for whatever recursively axiomatizable sound extension of PTA. 

First of all, we need to clarify what is meant by considering computability- in-general instead of polynomial 
time computability. This simply means a minor readjustment of the semantics of ptarithmetic. Namely, such 
a readjusted semantics would be the same as the semantics we have been considering so far, with the only 
difference that the time complexity of the machine solving a given problem would no longer be required to 
be polynomial, but rather it would be allowed to be arbitrary without any restrictions. Alternatively, we can 
treat U as the ordinary U of computability logic (rather than as done throughout the present 

paper), and then forget about any complexity altogether. 

^^Remember that X runs in time 5(b). By definition, this means that T's time in any play is less than 5(b). Hence, the term 
5(b) cannot be 0, or x b, or anything else that always evaluates to 0. Therefore, of course, PA h ^{b) > b. 
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In either case, our extensional incompleteness argument goes like this. Consider any system S in the style 
of PTA whose proof predicate is decidabl^^ and hence the theoremhood predicate recursively enumerable. 
Assume S is sound in the same strong sense as PTA — that is, there is an effective procedure that extracts 
an algorithmic solution (HPM) for the problem represented by any formula F from any S-proof of F . 

Let then A{s) be the predicate which is true iff: 

• s is (the code of) an S-proof of some formula of the form \~\x{^E{x) U where E is elementary, 

• and E{s) is false. 

On our assumption of the soundness of S, A{s) is a decidable predicate. Namely, it is decided by a 
procedure that first checks if s is the code of an S-proof of some formula of the form T\x{^-^E{x) uE(x)), 
where E is elementary. If not, it rejects. If yes, the procedure extracts from s an HPM % which solves 
\~\x{j-^E{x) U E{x)), and then simulates the play of Ti against the environment which, at the very beginning 
of the play, makes the move s, thus bringing the game down to ~>E{s) uE(s). If, in this play, H responds 
by choosing -^E{s), then the procedure accepts s; and if H responds by choosing E{s), then the procedure 
rejects s. Obviously this procedure indeed decides the predicate A. 

Now, assume that S is extensionally complete. Since A is decidable, the problem \~\x(^-^A{x) U A{x)) has 
an algorithmic solution. So, for some formula F with F^ — \~\x(^-^A{x) U A{x)) and some c, we should have 
that c is an S-proof of F. Obviously F should have the form \~\x(^-^E{x) U E{x)), where E is an elementary 
formula with — A{x). We are now dealing with the absurd of A{c) being true iff it is false. 

23 On the intensional strength of PTA 

Theorem 23.1 Let X and L he as in Section\M Then PTA h ^L^X. 

Proof. As established in Section [211 PTA h X. By induction on the complexity of X, details of which 
we omit, it can also easily be seen that PTA \- X ^ -iL X. So, by Modus Ponens, PTA h X. ■ 

Remember that, in Section X was an arbitrary PTA- formula assumed to have a polynomial time 
solution under the standard interpretation ^ . And was a certain true sentence of the language of classical 
Peano arithmetic. We showed in that section that PTA proved a certain formula X with x'' = X^ . That 
is, we showed that X was "extensionally provable" . 

According to our present Theorem 123. 11 in order to make X also provable in the intensional sense, all we 
need is to add to the axioms of PTA the true elementary sentence -iL. 

In philosophical terms, the import of Theorem l23.1l is that the culprit of the intensional incompleteness of 
PTA is the (Godel's) incompleteness of its classical, elementary part. Otherwise, the "nonelementary rest" 
— the extra-Peano axioms and the PTI rule — of PTA, as a bridge from classical arithmetic to ptarithmetic, 
is as perfect/strong as it could possibly be: it guarantees not only extensional but also intensional provability 
of every polynomial time computable problem as long as all necessary true elementary formulas are taken 
care of. This means that if, instead of PA, we take the truth arithmetic Th(N) (the set of all true sentences 
of the language of PA) as the base arithmetical theory, the corresponding version of PTA will be not only 
extensionally, but also intensionally complete. Unfortunately, however, such a system will no longer be 
recursively axiomatizable. 

So, in order to make PTA intensionally stronger, it would be sufhcient to add to it new true elementary 
(classical) sentences, without any need for also adding some nonelementary axioms or rules of inference 
that deal with nonelementary formulas. Note that this sort of an extension, even if in a language more 
expressive than that of PA, would automatically remain sound and extensionally complete: virtually nothing 
in this paper relies on the fact that PA is not stronger than it really is. Thus, basing applied theories 
on computability logic allows us to construct ever more expressive and intensionally strong (as well as 
extensionally so in the case of properly more expressive languages) theories without worrying about how to 
preserve soundness and extensional completeness. Among the main goals of this paper was to illustrate the 
scalability of computability logic rather than the virtues of the particular system PTA based on it. The 

^^PTA can easily be readjusted to satisfy this condition by requiring that each logical axiom in a PTA-proof be supplemented 
with a proof of that axiom in some known (fixed) sound and complete recursively axiomatized calculus for classical logic. 
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latter is in a sense arbitrary, as is PA itself: in the role of the classical part of PTA, we could have chosen 
not only any true extension of PA, certain weaker-than-PA theories as well, for our proof of the extensional 
completeness of PTA does not require the full strength of PA. The reason for not having done so is purely 
"pedagogical" : PA is the simplest and best known arithmetical theory, and reasoning in it is much more 
relaxed, easy and safe than in weaker versions. PTA is thus the simplest and nicest representative of the 
wide class of "ptarithmetics" , all enjoying the same relevant properties as PTA does. 

Among the potential applications of ptarithmetic-style systems is using them as formal tools for finding 
efficient solutions for problems (after developing reasonable theorem-provers, which, at this point, only 
belongs to the realm of fantasy, of course) . One can think of those systems as ideally declarative programming 
languages, where human "programming" simply means stating the problem/formula whose efficient solution 
is sought (for systematic usage in the future), and hence the program verification problem is non-existent. 
Compiling such a "program" means finding a proof, followed by the easy step of translating it into an 
assembly-language program/solution. This process of compiling may take long but, once compiled, the 
program runs fast ever after. The stronger such a system is, the better the chances that a solution for a 
given problem will be found. Of course, what matters in this context is intensional rather than extensional 
strength. So, perfect strength is not achievable, but we can keep moving ever closer to it. 

One may ask why not think of simply using PA (or even, say, ZFC) instead of PTA for the same 
purposes: after all, PA is strong enough to allow us reason about polynomial time computability. This is 
true, but PA is far from being a reasonable alternative to PTA. First of all, as a tool for finding solutions, 
PA is very indirect and hence hopelessly inefficient. Pick any of the basic arithmetical functions of Section 
[T2]and try to generate, in PA, a full formal proof of the fact that the function is polynomial-time computable 
(or even just express this fact) to understand the difference. Such a proof would have to proceed by clumsy 
reasoning about non-number objects such as Turing machines and computations, which, only by good luck, 
happen to be amenable to being understood as numbers through encoding. In contrast, reasoning in PTA 
would be directly about numbers and their properties, without having to encode any foreign beasts and 
then try to reason about them as if they were just kind and innocent natural numbers. Secondly, even if 
an unimaginably strong theorem-prover succeeded in finding such a proof, there would be no direct use of 
it because, from a proof of the existence of a solution we cannot directly extract a solution. Furthermore, 
even knowing that a given HPM X solves the problem in some polynomial time ^, would have no practical 
significance without knowing what particular polynomial ^ is, in order to asses whether it is "reasonable" 
(such as b^, b^, . . . ) or takes us beyond the number of nanoseconds in the lifespan of the universe (such as 
^9999999999 -J order to actually obtain a solution and its polynomial degree, one would need a constructive 
proof, that is, not just a proof that a polynomial (, and a ^-time solution exist, but a proof of the fact that 
certain particular numbers a and b are (the codes of) a polynomial term ^ and a ^-time solution X. This 
means that a theorem-prover would have to be used not just once for a single target formula, but an indefinite 
(intractably many) number of times, once per each possible pair of values of a, b until the "right" values is 
encountered. To summarize, PA does not provide any reasonable mechanism for handling queries in the 
style "find a polynomial time solution for problem A": in its standard form, PA is merely a YES/NO kind 
of a "device" . 

The above dark picture can be somewhat brightened by switching from PA to Heyting's arithmetic HA 
— the version of PA based on intuitionistic logic instead of classical logic, which is known to allow us to 
directly extract, from a proof of a formula 3xF(x), a particular value of x for which F(x) is true. But 
the question is why intuitionistic logic and not computability logic? Both claim to be "constructive logics" , 
but the constructivistic claims of computability logic have a clear semantical meaning and justification, 
while intuitionistic logic is essentially an ad hoc invention whose constructivistic claims are mainly based on 
certain syntactic and hence circular considerations!^ without being supported by a convincing and complete 
constructive semantics. And, while HA is immune to the second one of the two problems pointed out in 
the previous paragraph, it still suffers from the first problem. At the same time, as a reasoning tool, HA is 
inferior to PA, for it is intensionally weaker and, from the point of view of the philosophy of computability 
logic, is so for no good reasons. As a simple example, consider the function / defined by "/(x) = x if PA is 
either consistent or inconsistent, and f{x) = 2x otherwise". This is a legitimately defined function, and we 

■^^What creates circularity is the common-sense fact that syntax is merely to serve a meaningful semantics, rather than vice 
versa. It is hard not to remember the following words from |24) here: "The reason for the failure of P U —<P in computability 
logic is not that this principle ... is not included in its axioms. Rather, the failure of this principle is exactly the reason why 
this principle, or anything else entailing it, would not be among the axioms of a sound system for computability logic". 
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all — just as PA — know that extensionally it is the same as the identity function f{x) = x. Yet, HA can 
be seen to fail to prove — in the intensional sense — its computability. 

A natural question to ask is: Is there a formula X of the language of PTA whose polynomial time 
solvability is constructively provable in PA yet X is not provable in PTA? Remember that, as we agreed 
just a while ago, by constructive provability of the polynomial time solvability of X in PA we mean that, 
for some particular HPM X and a particular polynomial (term) ^, PA proves that X is a ^-time solution 
of X. If the answer to this question was negative, then PA, while indirect and inefhcient, would still have 
at least something to say in its defense when competing with PTA as a problem-solving tool. But, as seen 
from the following theorem, the answer to the question is negative: 

Theorem 23.2 Let X be any formula of the language o/PTA such that PA constructively proves (in the 
above sense) the polynomial time solvability of X . Then PTA h X. 

Proof. Consider any formula X of the language of PTA. Assume PA constructively proves the 
polynomial time solvability of X, meaning that, for a certain HPM X and a certain term ^ (fix them), PA 
proves that X solves X in time ^. But this is exactly what the formula L of Section [21] denies. So, PA h ^L. 
But, by Theorem [20. we also have PTA \- ^h^X. Consequently, PTA \- X. U 

An import of the above theorem is that, if we tried to add to PTA some new nonelementary axioms in 
order to achieve a properly greater intensional strength, the fact that such axioms are computable in time 
^ for some particular polynomial ^ would have to be unprovable in PA, and hence would have to be "very 
nontrivial" . The same applies to attempts to extend PTA through some new rules of inference. 

24 Give Caesar what belongs to Caesar 

The idea of exploring versions of Peano arithmetic motivated by and related to various complexity-theoretic 
considerations and concepts is not new. In this connection one should mention a solid amount of work on 
studying bounded arithmetics, with the usage of the usual quantifiers V, 3 of PA restricted to forms such 
as Va:(a;<T — !> -F(a;)) and 3x(^x <t A F{x)) , where r is a term not containing x. Parikh |27) was apparently 
the first to tackle bounded quantifiers in arithmetic. A systematic study of bounded arithmetics and their 
connections to complexity theory was initiated in the seminal work [5] by Buss. Hajek and Pudlak [9] 
give an extensive survey of this area. The main relevant results in it can be summarized saying that, by 
appropriately weakening the induction axiom of PA and then further restricting it to bounded formulas 
of certain forms, and correspondingly readjusting the nonlogical vocabulary and axioms of PA, certain 
soundness and completeness for the resulting system(s) S can be achieved. Such soundness results typically 
read like "If S proves a formula of the form \/x3yF{x,y), where F satisfies such and such constraints, then 
there is function of such and such computational complexity which, for each a, returns a b with F{a, by" . And 
completeness results typically read like "For any function / of such and such computational complexity, there 
is an S-provable formula of the form \/x3yF{x, y) such that, for any a and b, F{a, b) is true iff & = /(a)"- 

Among the characteristics that make our approach very different from the above, one should point out 
that it extends rather than restricts the language and the deductive power of PA. Restricting the language 
and power of PA in the style of the approach of bounded arithmetics throws out the baby with the bath water. 
Not only does it expel from the system many complexity-theoretically unsound yet otherwise meaningful and 
useful theorems, but it apparently also reduces — even if only in the intensional rather than extensional sense 
— the class of complexity-theoretically correct provable principles. This is a necessary sacrifice there, related 
to the inability of the underlying classical logic to clearly differentiate between constructive ( n , U , U) 
and "ordinary" , non-constructive versions ( A , V , V, 3) of operators. Classical logic has never been meant to 
be a constructive logic, let alone a logic of efficient computations. Hence an attempt to still make it work as 
a logic of computability or efficient computability cannot go without taking a toll, and results such as the 
above-mentioned soundness can only be partial. 

The problem of the partiality of the soundness results has been partially overcome in [5] through basing 
bounded arithmetic on intuitionistic logic instead of classical logic. In this case, soundness extends to all 
formulas of the form \/x3yF(x, y), without the "F satisfies such and such constraints" condition (the reason 
why we still consider this sort of soundness partial is that it remains to be limited to formulas of the form 
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yx3yF{x, y), even if for arbitrary Fs; similarly, completeness is partial because it is limited to functions only 
which, for us, are only special cases of computational problems). However, for reasons pointed out in the 
previous section, switching to intuitionistic logic signifies throwing out even more of the "baby" from the 
bath tub, further decreasing the intensional strength of the theory. In any case, whether being based on 
classical or intuitionistic logic, bounded arithmetics do not offer the flexibility of being amenable to being 
strengthened without losing soundness, and are hence "inherently weak" theories. 

In contrast, computability logic avoids all this trouble and sacrifices by giving Caesar what belongs to 
Caesar, and God what belongs to God. As we had a chance to see throughout this paper, classical ( A , V , V, 3) 
and constructive ( n , U , U) logical constructs can peacefully coexist and complement each other in one 
natural system that seamlessly extends the classical, constructive, resource- and complexity-conscious visions 
and concepts, and does so not by mechanically putting things together, but rather on the basis of one natural, 
all-unifying game semantics. Unlike most other approaches where only few, special-form expressions (if any) 
have clear computational interpretations, in our case every formula is a meaningful computational problem. 
Further, we can capture not only computational problems in the traditional sense, but also problems in the 
more general — interactive — sense. That is, ptarithmetic or computability-logic-based theories in general, 
are by an order of magnitude more expressive and deductively powerful than the classical- logic-based PA, 
let alone the far more limited bounded arithmetics. 

Classical logic and classical arithmetic, so close to the heart and mind of all of us, do not at all need to 
be rejected or tampered with (as done in Heyting's arithmetic or bounded arithmetic) in order to achieve 
constructive heights. Just the opposite, they can be put in faithful and useful service to this noble goal. Our 
heavy reliance on reasoning in PA throughout this paper is an eloquent illustration of it. 

25 Thoughts for the future 

The author wishes to hope that the present work is only a beginning of a longer and more in-depth line of 
research on exploring computability-logic-based theories (arithmetic in particular) with complexity-conscious 
semantics. There is an ocean of problems to tackle in this direction. 

First of all, it should be remembered that the particular language of ptarithmetic employed in this paper 
is only a modest fragment of the otherwise inordinately expressive and, in fact, open-ended formalism of 
computability logic. Attempting to extend the present results to more expressive versions of ptarithmetic is 
one thing that can be done in the future. Perhaps a good starting point would be considering the language 
employed in |25| which, in addition to the present connectives, has the operator •ih, with A»itB being 
the problem of reducing B to A where any finite number of reusages of A is allowed. In a more ambitious 
perspective, a development of this line may yield a discovery of a series of new, complexity-conscious operators 
that are interesting and useful in the context of interactive computational complexity while not quite so in 
the ordinary context of computability-in-principle. 

Another direction to continue the work started in this paper would be to try to consider complexity 
concepts other than polynomial time complexity. Who knows, maybe these studies can eventually lead 
to a discovery of substantially new, not-yet tried weapons for attacking the famous and notorious open 
problems in complexity theory. Two most immediate candidates for exploration are logarithmic space and 
polynomial space computabilities. While the precise meaning of logarithmic space computability in our 
interactive context is yet to be elaborated, a definition of polynomial space computability comes almost for 
free. It can be defined exactly as we defined polynomial time computability in Section [71 only, instead of 
counting the number of steps taken by the machine (T's time, to be more precise), we should count the 
number of cells ever visited by the head of the work tape. What, if any, variations of the PTI rule (and 
perhaps also the nonlogical axioms) would yield systems of psarithmetic ("polynomial space arithmetic") 
or larithmetic ("logarithmic space arithmetic"), sound and complete with respect to polynomial space or 
logarithmic space computability in the same sense as PTA is sound and complete with respect to polynomial 
time computability? 
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